In recognition of the importance of personal information, KDDI Corporation (hereinafter referred to as "KDDI") complies with the Telecommunications Business Law, Personal Information Protection Act, guidelines according to business fields as specified by a competent authority, including Guidelines Concerning Protection of Personal Information in Telecommunications Businesses, and other related laws and ordinances publicly in order to ensure the protection of personal information. In addition, KDDI handles personal information in the following manner:
1. Collection of Personal Information
We handle the information described in items 1 through 6 below, which is collected through legal and fair means. Personal Information collected on customers may be shared among the services and operations of KDDI.
- Information collected from written sources such as application forms filled in by customers, or a company website, or verbally collected in order for us to provide telecommunications services (including services associated with telecommunications services: see Attached Sheet 1New Window) and other services. When answering a telephone call from a customer, we may record the call to verify the inquiry and improve our services.
- Information obtained as a result of the use of our services by a customer
- Information obtained from a residence certificate or the like by making inquiries at a public institution
- Information obtained from various sources open to the public, such as telephone directories and official government gazettes
- Information obtained from credit information reference centers
- Information lawfully obtained from a third party by referral of a customer
2. Use of Personal Information
We will not use personal information in our possession beyond the extent necessary for fulfilling its intended purpose of use (see purpose of use by business field), except in the following cases:
- If a customer consents;
- If required by laws and ordinances;
- If such information is required for the protection of human life, body or property, and it is difficult to obtain a customer's consent;
- If such information is required especially for the improvement of public health or the promotion of sound nurturing of children, and it is difficult to obtain a customer's consent; or
- If it becomes necessary under applicable laws and ordinances to cooperate with a government agency, local public agency or parties authorized by them, and obtaining of consent from the customer is likely to hinder the execution of such duties.
3. Management of Personal Information
We take measures to control access to personal information, limit means for taking personal information outside the office, and prevent unauthorized external access. We also take measures to prevent personal information being leaked, lost or damaged and other necessary and appropriate measures for personal information security management (hereinafter referred to as "Security Management Measures").
When taking Security Management Measures, we properly implement technological and organizational protections as shown below by using the frameworks of the Info-Communications Safety and Reliability Standards (Ministry of Posts and Telecommunications Notice No. 73 of 1987) and Information Security Management System (ISMS).
(1) Technological Protection Measures
- We control access to personal information (limiting the number of employees authorized to access personal information regarding measures including the immediate cancellation of accounts of employees who are transferred or leave the company, the establishment of a system for monitoring access status such as longterm storage of access logs, the change of passwords at regular intervals, and room entry/exit supervision, etc.)
- We limit the means for taking personal information outside the office (prohibition of saving to external storage devices without due reasons and establishment of a monitoring system of e-mail between inside and outside the company in the company rules).
- We take measures to prevent unauthorized external access (installation of firewalls, etc.)
(2) Organizational Protection Measures
A) Supervision of employees (including temporary employees)
- As the designated person in charge of the management of personal information, we appoint a "Person in charge of information security" and define the responsibility and authority of an employee with respect to personal information security management.
- We establish internal rules and compile manuals concerning security management, instruct employees to comply with such rules and manuals, and perform appropriate audits on the status of compliance.
- We provide employees with training and education on personal information security management.
B) Supervision of contractors
We may contract all or part of our personal information handling operation. In such a case, we select a contractor who is expected to properly handle personal information, appropriately specify matters concerning handling of personal information such as Security Management Measures, confidentiality, terms and conditions of recontract, return of personal information upon expiration or termination of contract agreement, and perform necessary and appropriate supervision.
4. Disclosure of Personal Information
We will respond without delay to requests from a customer or their agent for disclosure of relevant personal information, except in the following cases.
- If there is a possibility of damaging life, body, property, or other rights or interests of the customer or any third party;
- If there is a possibility of significantly interfering with proper operation of our business; or.
- If it may violate laws or regulations.
For more details of procedures for personal information disclosure, Please contact us via the Contact Us page.
5. Response to Other Matters Concerning Personal Information
(1) Revision, etc. (revision, addition, deletion, stoppage of use, and stoppage of provision to third parties) of personal information
If requested by a customer or his/her agent to make a revision, etc. of relevant personal information, we will conduct an investigation without delay. We will promptly perform the revision, etc. if the results of the investigation determine that the relevant personal information is incorrect, the information retention period has expired, or the handling of the information is inappropriate.
To make a request for revision, etc. of personal information, Please contact us via the Contact Us page.
(2) Notification of purpose of use
If requested by a customer or his/her agent to provide notification of the purpose of use of the personal information, we will provide notification without delay, except in the following cases:
- When the purpose of using the specified personal information is already clear to the customer;
- When provision of the notification poses a threat to the life, physical body, property, or other rights and interests of the customer or a third party;
- When provision of the notification poses a threat to the rights or legal interests of our company; or
- When we are required to cooperate with national institutions or local authorities in the execution of affairs prescribed by law, and when provision of the notification may constitute a hindrance to the execution of such affairs.
To make a request for notification of purpose of use of personal information, Please contact us via the Contact Us page.
(3) Complaints on the handling of personal information
We will, in an appropriate and timely manner, respond to complaints regarding the use, provision, disclosure or revision of personal information, or other complaints regarding the handling of personal information.
To file a complaint, Please contact us via the Contact Us page.