For the aforementioned purpose, the Company will:
1.Collection of Personal Information
KDDI handles the information as listed below, which is collected by legal and fair means. Personal Information collected on customers may be shared among the services and operations of KDDI corporation group and affiliates. KDDI collects the personal information (such as name, address, telephone number, E-mail address and e.g.) of its customers to the extent necessary to provide KDDI EUROPE services. In addition, when KDDI has collected personal information from its customers or attempts to collect personal information from its customers, KDDI discloses to its customers and announces to (or notifies) its customers the intended purpose for which it will use such information.
2.Usage of Personal Information
KDDI will not handle the personal information in its possession beyond the extent necessary for fulfilling its intended purpose of usage except in the following cases:
- (a.) In instances where the customer has granted their permission.
- (b.) In instances where KDDI is required to do so by a legally-enforced order.
- (c.) If it becomes necessary by legal ordinance to cooperate with a government agency, public authorities, or parties authorized by them, and there is concern that seeking permission of the customer may hinder the execution of the relevant duties.
3.Management of Personal Information
KDDI takes measures to manage access to personal information, limit the steps of its handling, and prevent unauthorized outside access, as well as measures to prevent leakage, loss or damage (hereinafter referred to as "Leakage, etc.") and other necessary and appropriate measures (hereinafter referred to as "KDDI Data Protection Policy" (“öffentliches Verfahrensverzeichnis”)) in order to safely manage personal information.
KDDI Data Protection Policy is classified into two major categories, Technological Protection Measures and Organizational Protection Measures, and each category is implemented appropriately.
a. Technological Protection Measures
- (1) Clearly regulating the responsibility and authority of employees and subcontracted parties engaged in security management.
- (2) Establishing internal codes of behavior and manuals regarding security management, and instructing employees to comply with such codes and manuals, as well as supervising compliance with such codes and manuals where appropriate.
- (3) Appropriate supervision of employees and subcontracted parties involved with the security management through measures such as confidentiality agreements with employees and subcontracted parties.
- (4) A necessary training for employees involved with the security management.
- (5) Physically secured data center premises.
- (6) Logically protected IKT infrastructure associated with the storage, transportation and processing of personal information.
b. Organizational Protection Measures
- (1) Management of access to personal information (limiting employees with authority to access information (including measures such as immediate deactivation of accounts of employees who have transferred or left the company), surveillance of access status (such as long-term storage of access logs), regular changing of passwords, room entry/exit supervision, etc.)
- (2) Limits to steps in handling of personal information (prohibition of storage to external storage devices without permission, setting internal guidelines to monitor internal/external E-mail correspondence, etc.)
- (3) Measures to prevent unauthorized outside access (establishing firewalls, etc.)
- (4) A developed and implemented overall data protection management system.
4.Disclosure of Personal Information
KDDI will answer, within a reasonable time period, requests from the customer or a party acting on behalf of the customer for disclosure of applicable personal information, except in the following cases:
- (a.) If there is due concern of a significant obstruction to the proper operations of KDDI.
- (b.) If there is the possibility of violation of any legal ordinances.
5.Amendments of Personal Information
KDDI, if requested by the customer or a party acting on behalf of the customer to make amendments, additions, or deletions to the content of the applicable personal information (hereinafter referred to as "Amendments, etc.") will examine the request within a reasonable time period and, based on this examination, will carry out Amendments, etc. of the applicable personal information within the extent necessary to fulfill the intended purpose.
6.Grievances Regarding Handling of Personal Information
Complaints regarding KDDI handling of personal information (usage, provision, disclosure, amendments, etc.) can be made by the following means:
- By eMail: