Personal Information Protection Policy

  1. TOP (English)
  2. Personal Information Protection Policy

Personal Information Protection Policy

Nippon Information and Communication Corporation (hereinafter referred to as “Our company”), considers the protection of our customers’ personal information as a fundamental aspect of our business and a social responsibility. We have established the following privacy policy, which we communicate to our officers and employees and strive to enforce.

  1. Prevention and Correction of Risks Associated with Personal Information
    We will strictly manage the personal information of our customers and take necessary and appropriate measures to prevent and correct risks such as unauthorized access, loss, destruction, alteration, and leakage.
  2. Compliance with Laws and Regulations regarding Personal Information
    Our company will comply with laws and regulations related to the handling of personal information, including the Act on the Protection of Personal Information, the Telecommunications Business Law, and other relevant regulations and guidelines. Our company will make every effort to protect personal information.
  3. Continual Improvement of Personal Information Protection Management System and Mechanisms
    Our company will continuously improve the management system and mechanisms related to personal information protection.

Regarding the Handling of Customer Personal Information

Our company handles customers’ personal information (Hereinafter referred to as “customer personal information”.) in accordance with the “Personal Information Protection Policy” and the following policy.

  1. How we obtain customer personal information
    Our company properly obtains customer personal information by means of oral, written, electromagnetic records, audio recordings, video recordings, and other methods entered in email, web pages, etc. (Including cases where our company acquires indirectly from non-customers other than directly from customers)
    In addition, we may record your phone calls to accurately understand your orders, comments, and requests, and to improve our services in the future.
  2. Handling of Customer Personal Information
    1. Purpose of Use of Customer Personal Information in our company
      The purpose of use of customer personal information held in our company is as follows.
      1. To provide telecommunications services, sell computers and software, develop various solutions and systems, and deliver various documents such as invoices and goods, provide related after-sales services, and provide information on new goods and services in providing System Operation Service.
      2. To conduct transactions based on contractual relationships such as purchase of goods, consignment of work, and financial transactions in the course of normal company operations.
      3. To disseminate email newsletters, guide seminars and forums, and disclose information about media coverage.
      4. To manage visitors and the purpose of their visits, as well as those who have accessed the company’s servers and the purpose of their access, etc. in order to ensure the security of the company.
      The use provided for in this Article includes the case where cookies and other identifiers are linked to our company’s personal information to manage and use them. If necessary, our company will notify you of the specific purpose of use or disclose it on its website, etc. so that you can assume the purpose for which your personal information will ultimately be used. If we directly receive your personal information in writing (including electromagnetic records), we will clearly indicate the purpose of use in advance. In the case of Article 18, Paragraph 3 of the Personal Information Protection Act, we may handle your information beyond the scope necessary to achieve the above purpose of use.
    2. Provision of Personal Information to Third Parties
      Our company will not provide Personal Information that we have received from you to third parties without obtaining your prior consent, except in accordance with Article 27, Paragraph 1 of the Personal Information Protection Act or Article 27, Paragraph 5 of the same Act. In addition, if a third party providing Personal Information is located in a foreign country, we will not provide it without taking the measures specified in 9., in accordance with Article 28 of the Personal Information Protection Act.
    3. Joint Use of Personal Information
      Our company may use your personal information or pseudonymized information jointly with third parties in accordance with Article 27, Paragraph 5, Item 3 of the Personal Information Protection Act. In such cases, we will notify you of the following items in advance or publish them on our website, etc.
      1. The fact that they will be used jointly
      2. Items of customer personal information or pseudonymised information used jointly
      3. Scope of persons who use jointly
      4. Purpose of use of persons who use jointly
      5. the name and address of the person responsible for the management of the customer personal information or the pseudonymised information, and in the case of a juridical person, the name of its representative
    4. If the purpose of use prescribed in item (iv) of the same paragraph or the person responsible prescribed in item (v) of the same paragraph is to be changed after notification or publication, etc. on the website, etc. as described above,the fact of the change of the name or address of the person responsible prescribed in item (v) of the same paragraph or, in the case of a juridical person, the fact of the change of the name of its representative is to be notified or published on the website, etc. without delay.
    5. Procedures for Disclosure, etc. of Personal Information Held by our company
      In accordance with the provisions of the Personal Information Protection Act, our company will respond to requests for disclosure, correction, addition, deletion, suspension of use, or erasure of Personal Information held by our company, requests for disclosure of records provided by third parties, and requests for suspension of provision of Personal Information to third parties.
      1. Documents Required for Requests for Disclosure, etc.
        When making requests for disclosure, please contact the customer’s personal information counter in writing. We will send the necessary forms by return, so please attach the necessary documents and submit them by mail to the customer’s personal information counter.
        • “Request for Disclosure of Personal Information”
        • “Request for Disclosure of Records Provided to Third Parties with Personal Information”
          ※A separate fee of 1,000 yen (tax included) is charged for the disclosure request. (Please send the fee by registered mail. Please choose either the written method or the electromagnetic method for disclosure.)
        • “Request for Correction of Personal Information”
        • “Request for Suspension or Erasure of Use of Personal Information”
        • “Request for Suspension of Provision of Personal Information to Third Parties”
        • Attached document “Official Certificate, etc. for Identity Confirmation”
      2. Recipient of request
        St. Luke’s Garden Tower 15F
        8-1 Akashi-cho, Chuo-ku, Tokyo, 104-0044, Japan
        Nippon Information and Communication Corporation Customer Personal Information Desk
        ※Handling of Customer Personal Information Obtained in “Request for Disclosure, etc.” The purpose of use of customer personal information received through requests for disclosure shall be handled only to the extent necessary for requests for disclosure.
    6. Consultation Desk for Customer Personal Information in our company
      For consultation regarding our company’s handling of Customer Personal Information (Includes measures taken to ensure the safety of customer personal information.), please contact the Customer Personal Information Desk in V-ii above in writing. We regret to inform you that we are unable to accept your request for an in-person visit to our office. We kindly ask for your understanding in this matter.
  3. Compliance with the Law
    When handling customer personal information, we comply with the “Act on the Protection of Personal Information” and related laws and regulations, and adhere to the guidelines of the ministries and agencies in charge and industry guidelines.
  4. Safety Management Measures
    When handling customer personal information, we appropriately implement organizational safety management measures, personal safety management measures, physical safety management measures, and technical safety management measures. For details of the measures we have taken for the safety management of customer personal information, please contact our company’s Customer Personal Information Consultation Center and we will notify you individually unless there is a security problem.
    1. Organizational Safety Management Measures
      We have established an organizational management system that includes the establishment of a management system for committees and managers of each organization, the establishment of internal rules, the creation of statements such as management ledgers and process management tables, and continuous improvement.
    2. Personnel Safety Management Measures
      We will educate all employees who handle customer personal information, whether officers, employees, or partner employees, on the importance of protecting customer personal information, and ensure its effectiveness through necessary audits and supervision along with the conclusion of confidentiality agreements. In addition, when we outsource the handling of customer personal information, we will supervise whether the outsourced party (Includes sub-contractors, etc.) is managing customer personal information appropriately, and if improvement is necessary, we will promptly request improvement. If there is no improvement, we will change the entrusting party or take other necessary measures, and we will strictly respond.
    3. Physical Safety Management Measures
      We will take various measures such as entry and exit management of buildings and floors where personal information is handled, prevention of theft, measures against damage to personal information due to fire or lightning strike, removal of systems and documents, and locking during transfer and storage.
    4. Technical Safety Management Measures
      We implement access management measures such as authentication, authorization, control, and logging when accessing personal data. We also implement measures for unauthorized software and virus protection in our systems. During the transfer and reception of data, we employ measures such as encryption and clear responsibility allocation. Additionally, we have technical monitoring measures in place for information systems.
    5. Understanding the external environment
      If we handle customer personal information in a foreign country, we will take appropriate measures after understanding the system for the protection of personal information in the foreign country. We will take measures to safely manage customer personal information.
  5. Continuous improvement of the management system
    We review the management system and regulations regularly, continuously and flexibly, and constantly improve the management system in a timely and appropriate manner in accordance with changes in technology and the legal system, and actively work to protect customer personal information.
  6. Anonymously Processed Information
    Our company may create anonymously processed information based on your personal information and provide it to third parties. In such cases, we shall publish the following items on our website:
    ➀Items of Personal Information Included in Anonymously Processed Information Created by our company
    ➁Items of information on individuals contained in anonymized information provided to third parties
    ➂Method of providing anonymized information to third parties
    ➃Details of safety management measures taken
    Our company takes the safety management measures described in 4 above when handling anonymously processed information, etc. We also provide necessary and appropriate supervision to employees and contractors (Includes sub-contractors, etc.) who handle anonymously processed information, etc.
  7. Regarding pseudonym processed information
    Our company may create pseudonym processed information based on your personal information. In such cases, the following items shall be disclosed on our website, etc.
    1. Purpose of use of the pseudonym processed information produced by our company
      When handling pseudonym processed information, our company takes the safety control measures described in 4 above. We also provide necessary and appropriate supervision to employees and contractors (Includes sub-contractors, etc.) who handle pseudonym processed information.
  8. Personally Related Information
    Our company handles Personally Related Information (Information about a living individual that does not fall under any of the categories of personal information, pseudonymized information, or anonymized information. Specifically, it refers to the browsing history and location information of a website.) as follows:
    1. When our company provides Personally Related Information
      When our company provides Personally Related Information, we will not provide such information to a third party without confirming in advance that consent has been obtained from the customer themselves, except in cases where it is expected that the recipient third party will acquire Personally Related Information as Personal Data, as provided in the items of Article 27, Paragraph 1 of the Personal Information Protection Act (including situations where the third party is located in a foreign country and information such as the name of the foreign country, the system for the protection of personal information, and the measures taken by the third party for the protection of personal information are provided to the individual concerned when obtaining consent).
    2. When our company acquires Personally Related Information as Personal Data
      When our company acquires Personally Related Information as Personal Data, it obtains the consent of the customer in advance. However, if the person who intends to provide the Personal Data has obtained the consent of the customer in advance, it may be substituted for obtaining the consent in advance.
  9. Responses to Provision of Customer Personal Information or Personally Related Information to Third Parties in Foreign Countries
    When our company provides Customer Personal Information or Personally Related Information to a third party in a foreign country (Excluding countries that have systems for the protection of personal information that are deemed to be at the same level as Japan in protecting the rights and interests of individuals.), we take the following actions.
    1. Provision of Customer Personal Information to a Third Party in a Foreign Country
      1. Method by Obtaining ConsentOur company may provide Customer Personal Information to third parties located in foreign countries after notifying the Customer of the following matters in advance and obtaining the Customer’s consent.
        • Name of the foreign country to which the information will be provided
        • System concerning personal information in the foreign country
        • Measures to be taken by the recipient third party for the protection of personal information
          Please check the “System for Personal Information in Foreign Countries” on the following Personal Information Protection Commission website. (If there is no information on the following website, we will notify you individually.)
          [Personal Information Protection Commission website]
          https://www.ppc.go.jP/personalinfo/legal/kaiseihogohou/#gaikoku
      2. Method by establishing a system of a third party in a foreign country
        In addition to i. above, our company may provide Customer Personal Information to a third party in a foreign country after taking necessary measures to ensure the continuous implementation of appropriate measures by the third party in a foreign country.
    2. Providing personal Related information to a third party in a foreign country
      1. Method by obtaining consent
        Our company may provide Personally Related Information to a third party in a foreign country in accordance with the provisions of 8-I. above.
      2. Method by establishing a system of a third party in a foreign country
        In addition to i. above, our company may provide personally related information to a third party in a foreign country after confirming that it has obtained the consent specified in 8-1. above (Except for verifying that the information is provided in parentheses.) and taking necessary measures to ensure the continued implementation of appropriate measures by the third party in a foreign country.

Specific Personal Information Protection Policy

Our company formulates this Policy in order to work as an organization on the proper handling of Specific Personal Information, etc.

  1. Name of the business operator
    Nippon Information and Communication Corporation
  2. Compliance with applicable laws and guidelines
    Our company complies with applicable laws and regulations, national guidelines, and other regulations concerning the handling of specified personal information, and handles specified personal information appropriately.
  3. Matters concerning safety management measures
    Our company has established an optimal system for the appropriate management of specified personal information, and has taken safety management measures to ensure that the acquisition, use, storage, provision, deletion and disposal of specified personal information complies with the prescribed regulations and is handled appropriately.
  4. Contact for questions, etc.
    If you have any questions or complaints regarding the handling of specific personal information in our company, please contact the following contact:
    St. Luke’s Garden Tower 15F
    8-1 Akashi-cho, Chuo-ku, Tokyo, 104-0044, Japan
    Nippon Information and Communication Corporation Customer Personal Information Desk

Handling of Specific Personal Information from Business Partners

Our company handles Personal Numbers and Specific Personal Information (Hereinafter, specified personal information of business partners, etc. is referred to as “specified personal information of business partners, etc,” and the personal numbers of business partners, etc. are collectively referred to as “specified personal information of business partners, etc.”) from business partners in accordance with the “Specific Personal Information Protection Policy.”

  1. Handling of Specific Personal Information from Business Partners
    1. Purpose of Use of Specific Personal Information from Business Partners in our company
      The purpose of use of Specific Personal Information from Business Partners held in our company is as follows:
      1. Processes related to preparation of payment records of remuneration, fees, contracts, and winnings
      2. Processes related to preparation of payment records of royalties, etc. for real estate
      3. Processes related to preparation of payment records of consideration for the acquisition of real estate, etc.
      4. Processes related to preparation of payment records of brokerage fees for the purchase and sale or loan of real estate, etc.
      In addition, when we receive specific personal information of business partners, etc. directly written by business partners, etc., we will clearly indicate the purpose of use each time, except in cases falling under the items of Article 21, Paragraph 4 of the Information Protection Act.
      However, this does not apply to cases falling under Article 18, Paragraph 3, Item 1 or Item 2 of the Personal Information Protection Act as replaced by Article 30, Paragraph 3 of the Act on Use of Numbers to Identify Specific Individuals in Administrative Procedures (Hereinafter referred to as “Numbering Act”.).
    2. Provision of Specific Personal Information of Business Partners, etc.
      Our company does not provide Specific Personal Information of business partners, etc to a third party.
      However, in the cases provided for in each item of Article 19 of the Numbering Act, necessary Specific Personal Information may be provided to the relevant third party or necessary Specific Personal Information may be provided by the relevant third party without obtaining the prior consent of the person.
    3. Personal Information of Business Partners, etc. Related to Joint Use
      Our company will not jointly use the Personal Information of Business Partners, etc. that it receives from Business Partners, etc. with any specific person.
    4. Procedures for Disclosure of Personal Information of Business Partners, etc held by our company.
      We will respond to requests for disclosure, correction, suspension of use, etc. of Personal Information of Business Partners, etc. that our company has received.
      1. Documents necessary for requests for disclosure, etc.
        If you wish to make a request for disclosure, please contact the Customer Personal Information Desk.
        We will send the necessary forms by return, so please attach the necessary documents and submit them by mail to the Customer Personal Information Desk.
        • “Request for Disclosure of Specific Personal Information, etc.”
          *A separate fee of 1,000 yen (consumption tax included) is charged for the request for disclosure. (Please send the fee by registered mail. Please choose either the written method or the electromagnetic method for disclosure.)
        • “Request for Correction of Specific Personal Information, etc.”
        • “Request for Suspension or Erasure of Use of Specific Personal Information, etc.”
        • “Request for Suspension of Third-Party Provision of Specific Personal Information, etc.”
        • exhibit “Official Certificates, etc., That Can Be Identified”
      2. Where to Send Requests
        St. Luke’s Garden Tower 15F
        8-1 Akashi-cho, Chuo-ku, Tokyo, 104-0044, Japan
        Nippon Information and Communication Corporation Customer Personal Information Desk
        *Handling of Specific Personal Information of Business Partners, etc obtained in connection with requests for disclosure, etc.
        The purpose of use of Specific Personal Information of Business Partners, etc. received in response to a request for disclosure, etc. shall be handled only to the extent necessary for Request for disclosure, etc.
    5. Consultation Desk for Specific Personal Information of Business Partners, etc. in our company
      For the consultation desk regarding the handling of Specific Personal Information of Business Partners, etc. in our company (including the measures taken for the safe management of Customer Personal Information), please notify us in writing to the Customer Personal Information Desk in IV-ii.
      Please note that we cannot accept your request.
  2. Compliance with the Law
    In the handling of specific personal information of business partners, etc., we comply with the Act on the Protection of Personal Information, the Act on the Use of Numbers to Identify Specific Individuals in Administrative Procedures, and related laws and regulations, and observe the guidelines of the ministries and agencies in charge and industry guidelines.
  3. Safety Management Measures
    When handling specific personal information of business partners, our Company shall appropriately implement organizational safety management measures, personal safety management measures, physical safety management measures, technical safety management measures, and grasp of the external environment. For details on the measures we have taken to safely manage specific personal information, etc. of business partners, etc., please contact our consultation desk regarding specific personal information, etc. of business partners. We will notify you individually, except in some cases that there is a problem with security.
    1. Organizational Safety Management Measures
      We have established an organizational management system that includes the establishment of a management system for committees and managers of each organization, the establishment of internal rules, the creation of statements such as management ledgers and process management tables, and continuous improvement.
    2. Personnel Safety Management Measures
      All employees, whether executives, full-time employees, or temporary workers, who handle specific personal information of business partners, etc., are informed and enlightened about the importance of protecting specific personal information of business partners, etc., and conclude confidentiality agreements. We will also conduct necessary audits and supervision to ensure its effectiveness. In addition, when outsourcing the handling of specific personal information of business partners, etc., check whether the contractors (including subcontractors, etc.) appropriately manages the specific personal information of business partners, etc. (This includes properly obtaining permission for subcontract, and ensuring that contractors provide necessary and appropriate supervision of subcontractors, etc.) and promptly requesting improvements if improvements are necessary. If no improvement is seen, we will strictly respond by changing the contractors or taking other necessary measures.
    3. Physical Safety Management Measures
      Entry/exit control of buildings and floors that handle specific personal information of business partners, etc., prevention of theft, etc., measures against damage to specific personal information, etc. of business partners, etc. due to fire, lightning, etc., removal, transportation, and storage of systems and documents. We will take various measures such as locking the door at times.
    4. Technical Safety Control Measures
      We implement access management measures such as authentication, authorization, control, and logging when accessing personal data. We also implement measures for unauthorized software and virus protection in our systems. During the transfer and reception of data, we employ measures such as encryption and clear responsibility allocation. Additionally, we have technical monitoring measures in place for information systems.
    5. Understanding the external environment
      When handling specified personal information, etc., of business partners, etc. in a foreign country, we shall take measures for the security management of specified personal information, etc., of business partners, etc., after understanding the systems, etc. for the protection of personal information of the foreign country.
  4. Continuous Improvement of Management Systems
    We review the management system and regulations regularly, continuously and flexibly, and constantly improve the management system in a timely and appropriate manner in accordance with changes in technology and the legal system, and actively work to protect specific personal information of business partners.

NTT Group Information Security Policy

totop