- I Handling of Personal Information in Telecommunications Business Field
- II Handling of Personal Information in Installment Sales and Individual Financing Agency Business Fields
- III Handling of Personal Information in Banking Agency, Insurance Agency, and Financial Product Intermediary Businesses
- IV Handling of Personal Information in the Retail Electricity Business Field
In recognition of the importance of personal information, KDDI Corporation (hereinafter referred to as "KDDI") complies with the Telecommunications Business Law, Personal Information Protection Act, laws concerning the use of specific numbers for identifying individuals for government procedures, Guidelines Concerning the Personal Information Protection Act (General Provisions, Anonymously Processed Information, Obligation of Confirmation and Keeping of Record on Third Party Provision, Provision to Third Parties Outside Japan), Guidelines Concerning Protection of Personal Information in Telecommunications Businesses, and other related laws and ordinances in order to ensure the protection of personal information. In addition, KDDI handles personal information in the following manner.
Furthermore, KDDI complies with the Guidelines Concerning Protection of Personal Information in Telecommunications Businesses created by an accredited personal information protection organization of which KDDI is a member (Telecommunications Personal Information Protection Promotion Center).
We handle the information described in items 1 through 6 below, which is collected through legal and fair means. Personal Information of customers includes information on the Subscriber as well as personal information on all users obtained through the User Registration System for au Telecommunications Services. There may be cases where customer information is not considered personal information due to its content. We will, however, give due consideration to the handling that information.
- Information collected from written sources such as application forms filled in by customers, or a company website, or verbally collected in order for us to provide telecommunications services (see Attached Sheet 1-1), services associated with telecommunications services (see Attached Sheet 1-2), and other services. When answering a telephone call from a customer, we may record the call to verify the inquiry and improve our services.
- Information obtained as a result of the use of our services by a customer (access information obtained using technology such as cookies, web beacons, and IDFA (Identifier For Advertisers), including information automatically obtained by our systems).
Access information obtained using technology such as cookies, web beacons and IDFA may be used in combination with personal information held by KDDI.
- Information obtained from a residence certificate or the like by making inquiries at a public institution
- Information obtained from various sources open to the public, such as telephone directories and official government gazettes
- Information obtained from credit information reference centers
- Information lawfully obtained from a third party by referral of a customer
KDDI obtains the consent of the customer when obtaining information stipulated by law as sensitive personal information.
KDDI collects and uses personal numbers and specific personal information in accordance with laws concerning the use of specific numbers for identifying individuals for government procedures (My Number) only for the purpose of use as defined by those laws.
(1) Range of Use
Information possessed by KDDI may be mutually utilized beyond the extent necessary for fulfilling its intended purpose of use for each service and operation (see purpose of use by business field), except in the following cases. Also, KDDI may use the information when delivering service information of associated companies and other affiliations (see Attached Sheet 5).
- If a customer consents;
- If required by laws and ordinances;
- If such information is required for the protection of human life, body or property, and it is difficult to obtain a customer's consent;
- If such information is required especially for the improvement of public health or the promotion of sound nurturing of children, and it is difficult to obtain a customer's consent; or
- If it becomes necessary under applicable laws and ordinances to cooperate with a government agency, local public agency or parties authorized by them, and obtaining of consent from the customer is likely to hinder the execution of such duties.
(2) Change in Purpose of Use
KDDI may change the purpose of use if a connection with the purpose of use prior to the change can be reasonably recognized.
When the purpose of use is changed, KDDI notifies the person concerned or announces the changed purpose of use on the KDDI website.
(3) Deletion of Personal Data
When the purpose of use has been achieved or when the purpose of use has not been achieved but the business predicated on the purpose of use has been discontinued, KDDI deletes the personal data concerned without delay.
However, KDDI may use the personal information within the range of the purpose of use after termination of the various agreements with the customer.
- When creating anonymously processed information, KDDI takes the necessary measures to prevent identification of specific individuals or restoration of the personal information used in such creation.
- In addition, when using anonymously processed information, KDDI does not compare such information with other information for the purpose of identifying (re-identifying) the individual to whom the original personal information relates.
- When creating anonymously processed information, KDDI publicizes the items of personal information included in the anonymously processed information concerned, as required by law.
- When providing anonymously processed information created by KDDI to a third party, KDDI publicizes the items of personal information included in the anonymously processed information provided to the third party and the method of provision, and also clearly indicates to the third party that the information to which the provision relates is anonymously processed information.
When providing personal data to third parties outside Japan, KDDI takes the necessary measures to obtain consent in compliance with the law.
We take measures to control access to personal information, limit means for taking personal information outside the office, and prevent unauthorized external access. We also take measures to prevent personal information being leaked, lost or damaged and other necessary and appropriate measures for personal information security management (hereinafter referred to as "Security Management Measures").
When taking Security Management Measures, we properly implement technological and organizational protections as shown below by using the frameworks of related laws and ordinances, guidelines and the Information Security Management System (ISMS).
(1) Technological Protection Measures
- We control access to personal information (limiting the number of employees authorized to access personal information regarding measures including the immediate cancellation of accounts of employees who are transferred or leave the company, the establishment of a system for monitoring access status such as longterm storage of access logs, the change of passwords at regular intervals, and room entry/exit supervision, etc.)
- We limit the means for taking personal information outside the office (prohibition of saving to external storage devices without due reasons and establishment of a monitoring system of e-mail between inside and outside the company in the company rules).
- We take measures to prevent unauthorized external access (installation of firewalls, etc.)
(2) Organizational Protection Measures
A) Supervision of employees (including temporary employees)
- As the designated person in charge of the management of personal information, we appoint a "Person in charge of information security" and define the responsibility and authority of an employee with respect to personal information security management.
- We establish internal rules and compile manuals concerning security management, instruct employees to comply with such rules and manuals, and perform appropriate audits on the status of compliance.
- We provide employees with training and education on personal information security management.
B) Supervision of contractors
We may contract all or part of our personal information handling operation. In such a case, we select a contractor who is expected to properly handle personal information, appropriately specify matters concerning handling of personal information such as Security Management Measures, confidentiality, terms and conditions of recontract, return of personal information upon expiration or termination of contract agreement, and perform necessary and appropriate supervision.
If a customer does not wish to receive advertising material via direct mail (including information via e-mail and SMS), he/she may request us to cease delivery. However, delivery of information necessary for operation of KDDI business, such as e-mail related to confirmation of an application or order concerning services provided by KDDI and e-mail containing important notifications related to services used by the customer, is excluded from this opt-out provision. To request termination, contact us at the following locations:
"KDDI Customer Service Center"
Customer using au mobile phone
From au phones:Dial 157 with no area code(toll-free)
From general fixed-line phones:0077-7-111(toll-free)
Open: 9:00 - 20:00 (including Saturdays, Sundays and national holidays)
- If you cannot use the above numbers: 0120-977-033
- Customers using Internet Phone Service
Open: 9:00 - 20:00 (including Saturdays, Sundays and national holidays)
- If you cannot use the above numbers: 0120-22-0077
We will respond without delay to requests from a customer or their agent for disclosure of relevant personal data, except in the following cases. Please note that a customer includes all users registered with the User Registration System for au Telecommunications Services, in addition to a subscriber.
- If there is a possibility of damaging life, body, property, or other rights or interests of the customer or any third party;
- If there is a possibility of significantly interfering with proper operation of our business; or.
- If it may violate laws or regulations.
For inquiries about personal information disclosure, contact us at the following location:
[KDDI Corporation Personal Data Disclosure Consultation Office]
KDDI Building 2-3-2 Nishi-Shinjuku, Shinjuku-ku, Tokyo 163-8509
03-6670-6684 (9:00 - 17:00 Every day except Saturdays, Sundays, national holidays and Year End/New Year holidays)
For more details of procedures for personal data disclosure, refer to Attached Sheet 2.
(1) Revision, etc. (revision, addition, deletion, stoppage of use, and stoppage of provision to third parties) of personal data
If requested by a customer or his/her agent to make a revision, etc. of relevant personal data, we will conduct an investigation without delay. We will promptly perform the revision, etc. if the results of the investigation determine that the relevant personal data is incorrect, the information retention period has expired, or the handling of the information is inappropriate.
To make a request for revision, etc. of personal information, contact the KDDI Corporation Personal Data Disclosure Consultation Office above.
(2) Notification of purpose of use
If requested by a customer or his/her agent to provide notification of the purpose of use of the personal information, we will provide notification without delay, except in the following cases:
- When the purpose of using the specified personal information is already clear to the customer;
- When provision of the notification poses a threat to the life, physical body, property, or other rights and interests of the customer or a third party;
- When provision of the notification poses a threat to the rights or legal interests of our company; or
- When we are required to cooperate with national institutions or local authorities in the execution of affairs prescribed by law, and when provision of the notification may constitute a hindrance to the execution of such affairs.
To make a request for notification of purpose of use of personal information, contact the KDDI Corporation Personal Information Disclosure Consultation Office above.
(3) Complaints on the handling of personal data
We will, in an appropriate and timely manner, respond to complaints regarding the use, provision, disclosure or revision of personal data, or other complaints regarding the handling of personal data.
To make a request for revision, etc. of personal data, contact the KDDI Corporation Personal Data Disclosure Consultation Office above.
Please note that we are unable to accept any of the above requests made in person at our office.
- President's Message
- Corporate Profile
- The KDDI Group Philosophy
- Brand Message
- Management Plan
- Our Business
- Released Information
- Organization Chart