Privacy Policy
IDC Frontier respects the privacy of you, our customer, and takes our responsibilities regarding the security of your customer information very seriously. IDC Frontier is committed to providing you with a professional, valuable and personalized service whilst safeguarding your privacy.
This Privacy Policy has been created to explain to you the way in which IDC Frontier uses your personal data. It applies to all IDC Frontier businesses, and will assist you to determine whether or not to provide IDC Frontier with your personal data.
IDC Frontier may update this Privacy Policy from time to time. We will notify you of all material changes through the IDC Frontier website.
This Privacy Policy explains the following regarding IDC Frontier's treatment of personal data:
- Definitions of personal data
- Purpose of use
- The practices and procedures IDC Frontier follows to collect your personal data
- Direct marketing
- Use of "cookies"
- Security of your personal data
- Your rights to your personal data held by IDC Frontier
- Privacy Policy for Personal Data Subject to GDPR
- Contact point
- Request for personal data access
- IDC Frontier enforcement of this Privacy Policy
1. Definitions of personal data
Personal data is any information that allows an individual to be identified. The types of personal data IDC Frontier will collect may include details of your name, address, telephone number, email address, fax number and date of birth.
2. Purpose of use
IDC Frontier will use your personal data in order to:
- Identify you
- Conduct billing
- Guidance of products or services provided by IDC Frontier or affiliated corporations
- Provide you access to specific information or offers
- Carry out any works to maintain the normal telecommunication services or recover from any possible failures
- Make service-related inquiries to you (including questionnaires)
- Works necessary to provide telecommunication services
To accomplish the above, IDC Frontier may provide your personal data to Yahoo Japan Corporation or any other our subcontractors. IDC Frontier may also provide your personal data to Nippon Telegraph and Telephone East Corporation (NTT East), Nippon Telegraph and Telephone West Corporation (NTT West) or any other contracted companies for interconnection with them and for related works necessary to establish interconnection so that IDC Frontier is able to provide you our telecommunication services. Furthermore, if you enter into a contract with another telecommunication carrier while you have a contract with IDC Frontier, we may provide your personal data to the carrier in accordance with IDC Frontier's conditions of contract.
3. The practices and procedures IDC Frontier follows to collect your personal data
IDC Frontier collects personal data from you through the use of enquiry and registration forms, direct personal contact with you (for example, over the telephone) and every time you email us your details. We may also collect your personal data from another telecommunication carrier if you enter into a contract with IDC Frontier while you have a contract with the carrier in accordance with their conditions of contract.
IDC Frontier will use your personal data where it is necessary to do so because it is relevant to IDC Frontier's dealings with you (i.e. it is relevant to the provision of the goods and/or services that you have requested from IDC Frontier) including for billing, customer service and network management.
IDC Frontier may use your personal data for direct marketing, including the provision of offers for IDC Frontier and our third party suppliers' products and services and customer surveys.
IDC Frontier will only use your personal data in a way that is fair and lawful taking into account your consent, the extent to which it is necessary for IDC Frontier to use your personal data in its dealings with you and the purposes which are disclosed to you in this Privacy Policy or which are relevant to the reason for your giving your personal data to us. IDC Frontier will not sell, trade or rent your personal information to others.
IDC Frontier may disclose your personal data to carefully selected business partners (meaning agent, distributor or reseller) and subcontractors to whom we engage to provide services. However, other than as set out in this Privacy Policy, IDC Frontier will not disclose or share your personal data with any other third party without your express consent unless this is necessary to provide the services or products which you requested when providing us with your personal data or as required by law.
4. Direct marketing
If you have consented at the point of collection to IDC Frontier (and/or any third party) providing you with direct marketing material you may be requested to elect a type of media via which this material shall be provided (for example, by post, e-mail, telephone or fax). IDC Frontier will only provide you with such material via your chosen media. If, at any stage, you object to IDC Frontier's use of your personal data for direct marketing or to the media in which such material is being sent, you may choose to unsubscribe to its receipt. If you have consented to receive third party direct marketing you will need to unsubscribe directly with that third party.
5. Use of "cookies"
IDC Frontier may use "cookies" on our website(s). A "cookie" is information that a website puts on your hard drive so that it can remember pieces of information about you when you next visit the website or a related website. IDC Frontier uses cookies to record personal data about you when you use our website in order to facilitate your future activities. Unless otherwise notified by IDC Frontier, we will not use personal data sent in a cookie for marketing purposes and will not share this personal data with third parties. If you prefer not to receive cookies from IDC Frontier's website, you can set your browser to warn you before accepting cookies and refuse the cookies when your browser alerts you to their presence. You can also refuse cookies by turning them off in your browser but this may impair your experience of IDC Frontier's website.
6. Security of your personal data
IDC Frontier has in place appropriate technical and organisational security measures to prevent unauthorized or unlawful disclosure or access to or, accidental or unlawful loss of or destruction, or alteration or unauthorized disclosure of or access to, or other damage to your personal data. These measures ensure an appropriate level of security in relation to the risks inherent in the processing and the nature of the personal data to be protected. Your securely held personal data will only be accessible by select authorized members of staff within IDC Frontier.
7. Your rights to your personal data held by IDC Frontier
IDC Frontier will only keep your information for as long as we are either required to by law, or as is relevant for the purposes for which it was collected.
During this period, you may contact IDC Frontier at any time if you would like to see details of the personal data that we hold about you, details (available to IDC Frontier) as to the source of that personal data, the purposes for which your personal data are being used, details of the parties with whom we may share your personal data or to ask us to correct, update, supplement or delete this personal data. IDC Frontier will deal with your inquiries, requests, or complaints in a sincere manner.
Privacy Policy for Personal Data Subject to GDPR
THIS PRIVACY POLICY (THIS “privacy policy”) ONLY APPLIES TO PROCESSING OF PERSONAL DATA SUBJECT TO EU GENERAL DATA PROTECTION REGULATION No 2016/679 (THE “GDPR”).
1. Our privacy policy
This Privacy Policy is an explanation by IDC Frontier. (“We”/“Us”) to persons residing in the European Economic Area (the “EEA”) protected under the GDPR (who may include our customers) (the “Data Subject”) regarding how we collect and process personal data as the data controller if personal data is provided or disclosed by the Data Subject or if personal data is received or acquired through a third party. We process the personal data in accordance with the GDPR (and other applicable EU and Member State regulations on data protection, if such regulations exist).
Processing of personal data in this Privacy Policy means processing of personal data of persons who are in the EEA in any of the following cases:
- (ⅰ) if carried out in connection to activities of our establishment in the EEA,
- (ⅱ) if related to the offering of goods or services to the Data Subjects, or
- (ⅲ) if related to the monitoring of the Data Subject's behavior as far as their behavior takes place within the EEA.
2. Collection and processing of personal data
We will always process the Data Subject's personal data based on one of the legal bases provided for in the GDPR (Articles 6 and 7). In addition, if processing personal data that requires special care, we will do so in accordance with the special rules provided for in the GDPR (Articles 9 and 10).
We may collect and process the Data Subject's personal Data in the following cases :(ⅰ) if required in order to provide the Data Subject with adequate services and products and we otherwise have a legitimate interest; (ⅱ) if required in order to perform an agreement with the Data Subject or carry out procedures before execution; or (ⅲ) if we have obtained the Data Subject's express prior consent. In that case, we will give notification of the purpose of that collection and processing to the Data Subject through notification when obtaining consent, agreement, or other appropriate means.
The Data Subject is entitled to withdraw his or her consent to the collection and processing of the personal data at any time, but this withdrawal will not affect the lawfulness of processing based on the consent before withdrawal thereof.
We will process the Data Subject's personal data for the above specified, explicit and legitimate purposes, and will not further process the personal data in a way that is incompatible with those purposes. If we intend to process personal data originally collected for one purpose in order to attain other objectives or purposes, we will ensure that the Data Subject is informed of this. We will keep personal data for as long as it is necessary for us to comply with our legal obligations, to ensure that we provide an adequate service, and to support our business activities (Articles 5 and 25(2) of the GDPR).
We ensure that the personal data processed shall be limited to what is adequate and necessary in relation to the purposes for which they are processed.
3. Sharing personal data
We may share personal data with our group entities and with third-parties in accordance with the GDPR. Where we share personal data with a data processor, we will put the appropriate legal framework in place in order to cover data transfer and processing (Articles 26, 28 and 29 of the GDPR). Furthermore, where we share personal data with any entity outside the EEA, we will put appropriate legal frameworks in place, notably controller-to-controller (2004/915/EC) and controller-to-processor (2010/87/EU) Standard Contract Clauses approved by the European Commission, in order to cover such transfers (Chapter 5 of the GDPR).
Collaborative Partners
Subject to the Data Subject's prior consent, personal data may be transferred to, stored, and further processed by collaborative partners that work with us to provide our products and services or help us market to Data Subjects.
Outsourcing
- We may outsource all or part of the personal data processing in sales services, enquiry response services, equipment maintenance services, fee related services, marketing services, and other services.
- When executing an outsourcing agreement, the eligibility of the counterparty as an outsourcee is sufficiently investigated. Safety management measures, confidentiality, conditions for the outsourcee to outsource to another party, and other matters regarding the appropriate processing of personal data are prescribed in the outsourcing agreement, and our outsourcees are appropriately supervised by implementing periodic monitoring, etc. of the outsourcing conditions.
- The personal data provided (deposited) by the outsourcer in the services outsourcing is utilized within the scope necessary to perform the agreement with the outsourcer.
Corporate Affiliates and Corporate Reorganisations
We may share the personal data with all corporate affiliates. In the event of a merger, corporate reorganisation, civil rehabilitation, acquisition, joint venture, assignment, transfer, sale or disposition of all or any portion of our business (including in connection with any bankruptcy or similar proceedings), etc., we may transfer any and all personal data to the relevant third party.
Legal Compliance and Security
It may be necessary for us – by law, legal process, litigation, and/or requests from public and governmental authorities within or outside the Data Subject's country of residence – to disclose personal data. We may also disclose personal data if we determine that, for purposes of national security, law enforcement, or other issues of public importance, disclosure is necessary or appropriate.
We may also disclose personal data if we determine in good faith that disclosure is reasonably necessary to protect our rights and pursue available remedies, enforce our internal regulations, investigate fraud, or protect our operations or users.
Data Transfers
Disclosures or sharing of personal data as described above may involve transferring personal data out of the EEA. For each of these transfers we make sure that we provide an adequate level of protection to the data transferred, in particular by entering into Standard Contract Clauses as defined by the European Commission decisions 2001/497/EC, 2002/16/EC, 2004/915/EC and 2010/87/EU.
4. Our records of data processes
We handle records of processing of personal data in accordance with the obligations established by the GDPR (Article 30), where we might process personal data. In these records, we reflect all the information necessary in order to comply with the GDPR and cooperate with the supervisory authorities in accordance with the GDPR (Article 31).
5. Security measures
We process personal data in a manner that ensures such data appropriate security (including protection against unauthorized or unlawful processing and against accidental loss, destruction damage, etc.) using appropriate technical or organizational measures to achieve this (Articles 25(1) and 32 of the GDPR).
6. Notification of data breaches to the competent supervisory authorities
In case of breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored or otherwise processed, we have the mechanisms and policies in place in order to identify it and assess the details of the breach promptly. Depending on the outcome of our assessment, we will make the necessary notifications to the supervisory authorities and communications to the affected data subjects (Articles 33 and 34 of the GDPR).
7. Processing likely to result in high risk to the data subject's rights and freedoms
We have mechanisms and policies in place in order to identify data processing activities that may result in high risk to the data subject's rights and freedoms (Article 35 of the GDPR). If any such data processing activity is identified, we will assess it internally and either stop it or ensure that the processing is compliant with the GDPR or that appropriate technical and organizational protective measures are in place in order to proceed with it.
In case of doubt, we will contact the competent Data Protection Supervisory Authority in order to obtain their advice and recommendations (Article 36 of the GDPR).
8. Data subject's rights
We will notify the Data Subject of the details of the rights granted to the Data Subject under the GDPR when notifying the Data Subject of the purpose of processing personal data.
If the Data Subject will exercise such rights, please contact us at the address set forth section 11 below.
If the Data Subject is not satisfied with the way in which we have proceeded with any request, or if the Data Subject has any complaint regarding the way in which we process personal data, the Data Subject may lodge a complaint with a Data Protection Supervisory Authority.
9. Children
If we collect and process personal data from a child who is under 16 years of age or who has not reached the age limits under the laws of a Member State, we will process that data appropriately (Article 8 of the GDPR).
10. Updates to privacy policy
We may change this Privacy Policy from time to time. Any changes to this Privacy Policy will become effective upon posting of the revised Privacy Policy via the Website. If we make changes which we believe are significant, we will inform the Data Subject through the Website to the extent possible and seek for the Data Subject's consent where applicable.
Contact point
Any inquiries regarding your personal data will be accepted at the following contact point:
-Privacy Help Desk
Tel: | +81-3-5312-7022 |
---|---|
Available Hours: | From 9:30am to 12:00pm and 1:00pm to 5:00pm(JST) Monday through Friday (except for national holidays and during year-end and New Year) |
Request for personal data access
You may request access to or correction of your personal data according to the following procedure:
IDC Frontier enforcement of this Privacy Policy
IDC Frontier has appointed our Chief Information Security Officer as Chief Privacy Officer. The CPO is accountable for IDC Frontier's compliance with the Privacy Policy. In addition to meeting your requests regarding the Private Policy, the CPO is responsible for conducting regular audits in order to keep IDC Frontier remain compliant with the Private Policy.