KDDI Corporation (hereinafter referred to as the "Company") in order to recognize the importance of personal information and ensure that it is protected, in addition to complying with laws, ordinances, and guidelines, etc., relating to the Company’s business, personal information shall be handled as set forth below.
We handle information, such as customer name, address, email address, IP address, device log information, etc., collected via the services named “Cato Cloud Services” provided by Cato Networks Ltd., organized in Israel (hereinafter referred to as “Services”) through legal and fair means. There may be cases where customer information is not considered personal information due to its nature. We will, however, give due consideration to the handling of such information. In the event that such personal information is not provided, the business functions of the Service may not be available.
In the event that the Company acquires information prescribed by laws and regulations as sensitive personal information, the Company shall obtain such sensitive personal information after taking necessary measures such as obtaining consent in accordance with applicable laws and regulations.
The Company may use the personal information of customers for one or more of the following purposes.
The Company may use the personal information of customers in any of the following cases in accordance with applicable laws and regulations.
The Company shall retain the personal information of customers until the purpose of use is achieved. If the purpose of use is achieved, or if the Service itself is discontinued even though the purpose of use is not achieved, the Company shall delete such personal information without delay.
We may provide your personal data within the scope of the purposes of Article 2 to our affiliates, Group Company, Cato Networks, Ltd., Macnica Co., Ltd., which is the agent of Cato Networks, Ltd., and other third parties whom services are outsourced in providing the Service of customers to any third party. In order to provide the Service, the Company may transfer your personal information to a country other than the country in which you are located. Such countries include Japan and Israel, etc., and these countries may not have the same level of data protection as the country where you are located. When personal data is provided to a third party in a foreign country, necessary measures such as obtaining consent and entering into a data transfer agreement shall be taken in accordance with the provisions of applicable laws and regulations. In the event that detailed information is obtained, such as obtaining a copy of a document used to protect customer information, please contact the [KDDI Corporation Personal Information Disclosure Consultation Office] noted in Article 5.
The Company shall take necessary and appropriate measures for the management of access to personal information, the restriction of the means of taking personal information off-premises, the measures to prevent unauthorized access from the outside, and other measures to prevent leakage, loss, or damage of personal information, as well as for the safety management of personal information (here in after referred to as “Safety Management Measures”) . When implementing safety management measures, the Company will appropriately implement technical protection measures and organizational protection measures as follows, utilizing the framework of related laws and regulations, guidelines, and ISMS (Information Security Management System).
We will manage access to personal information (limitation of access privileges (including measures such as immediately invalidating the account of transferred or retired employees), monitoring of access status (e.g., long-term storage of access logs), periodic password changes, management of access, etc.). We will implement restrictions on the means by which personal information can be taken out (such as prohibition of unauthorized recording on external recording media, and monitoring of emails between internal and external parties by establishing internal rules, etc.). Take measures to prevent unauthorized access from the outside (e.g., installing a firewall).
a) Employees (including temporary employees) Director of
In addition to appointing an "Information Security Manager" as the person responsible for personal information management, we will clearly stipulate the responsibilities and authority of employees concerning the safety management of personal information. We will establish internal rules and manuals related to safety management, ensure that employees comply with them, and conduct appropriate audits of compliance status. We will provide employees with education and training on the safety management of personal information.
b) Supervision of outsourcees
The Company may contract all or part of the handling of personal information. In such a case, the Company shall select a outsourcees that is deemed to handle personal information appropriately, and in the outsourcing agreement, shall appropriately prescribe the matters relating to the handling of personal information, such as the safety management measures, confidentiality, subcontracting conditions, and the return of personal information at the time of the ending of the outsourcing agreement, and shall conduct the necessary and appropriate supervision.
If you or your agent exercise your rights under the applicable law, such as withdrawing consent, access, deletion, objection, or data portability, etc., please contact us via our consultation office below.
[KDDI Corporation Personal Information Disclosure Consultation Office]
In addition to the provisions set forth above, personal information of customers residing in the State of California, the United States (refers to information that can directly or indirectly identify, relate, explain, refer to, relate to, or reasonably combine a specific consumer or household. The same shall apply hereinafter in these Supplementary Provisions.) apply to the handling of accordance with the provisions of the California Consumer Privacy Act of 2018(“CCPA”).
The Company has collected from customers the categories of personal information listed below in the past 12 months and will continue to collect the categories of personal information listed below.
|A. Identifier||Actual name, online identifier, Internet protocol address, email address, or other similar identifier|
|B. Categories of personal information listed in California Customer Records State (California Customer Records State) (California Code of Civil Code 1798.80 (e) Article)||Name|
|C. Information on internet or other electronic network activities||Terminal log information|
The Company shall not collect categories of personal information other than the above without notifying the customer, and shall not use the personal information collected for any materially different, unrelated, or inconsistent purpose.
The Company may share or disclose the personal information of customers to third parties for business or commercial purposes. In the event that personal information is disclosed to a service provider for business or commercial purposes, the Company will state such purpose, and will enter into an agreement with the service provider that requires the confidentiality of personal information and the prohibition of the use of personal information for purposes other than the performance of a contract.
During the past 12 months, the Company has shared or disclosed personal information to the following categories of third parties, depending on business or commercial purposes.
We have not sold any personal information in the past 12 months.
The CCPA provides individual rights to personal information to consumers residing in California. The following describes the customer's rights based on the CCPA and explains how to exercise them.
The customer has the right to require the Company to disclose to the customer certain information relating to the Company's collection, sharing, disclosure or use of the personal information of the customer during the past 12 months prior to the time of the customer's request. The Company, in the event of receiving and confirming a verifiable claim from the customer, shall disclose to the customer all or a part of the information stated below.
The customer, with the exception of certain exceptional circumstances, has the right to demand that the Company delete any part of the customer's personal information collected and retained by the Company from the customer. When the Company receives and confirms the verifiable customer's claim, unless exceptions apply, the Company will delete (and instruct the service provider to delete) the customer's personal information from the Company's records.
The Company, for the following purposes, in the event of the retention of said information being required by the Company or the Company's Service Propider, may reject a request for deletion by the customer.
The Company does not sell or will not sell personal information collected from customers.
The Company shall not discriminate against residents of the State of California by exercising their rights based on the CCPA. In addition, except when permitted by CCPA, the Company shall not perform the following.
In order to exercise the above access rights and right to delete, please contact the above KDDI Personal Data Disclosure Consultation Office and make a verifiable request to the Company.
Only the customer, that is, an entity registered with the State Secretary of State of California to whom the customer has granted authority to act on behalf of the customer in California may make verifiable claims relating to the personal information of the customer. Further, the customer may make verifiable claims on behalf of the customer's minor child.
For verifiable invoices,
KDDI Corporate Sales Representative will consult with you and provide you with an estimate for the introduction.
If you have any questions, please feel free to contact us.