NTT DOCOMO, INC. ("DOCOMO") is rendering various services and products (collectively "Services") so that our customer can enjoy a rich and comfortable life. For rendering the Services and conducting other relevant business activities, we may collect your Personal Data (not limited to personal information as set forth in the Act on the Protection of Personal Information, and including all data concerning an individual) in certain instances. We believe that the proper processing of Personal Data in our business activities is our important duty. To reflect our belief and sincerely regulate ourselves, we have enacted and published the "NTT DOCOMO Personal Data Charter".
1. Proper processing of Personal Data
2. Collecting of Personal Data
DOCOMO will collect Personal Data in the following instances:
- When directly provided by the customer to DOCOMO:
For example, DOCOMO will collect your Personal Data when you fill out the application form for ordering our Services at a DOCOMO shop or you register and/or send the Personal Data from your smartphone when using our Services.
- When automatically recorded when the customer uses our Services:
For example, when you use our Services on the internet, information regarding usage history of the Services may be automatically recorded in DOCOMO's server. Similarly, information recorded on your device (such as a smartphone) may be automatically sent to DOCOMO according to the settings of the device. In certain instances, such information includes your Personal Data.
- When indirectly obtained from third party when the customer uses the third party services:
For example, when you use dPOINT at our member shop, DOCOMO may collect relevant shopping history at the member shop. Similarly, the member shop may provide us with such information.
3. Purpose of processing of Personal Data
- DOCOMO will process your Personal Data for the following purposes:
Purpose of Use (1)For provision of services, products, etc., and for communications/notifications etc. to customer that are necessary for the performance of the agreement with customer.
As examples, the following purposes of use are included:
- Providing various services and functions under the terms of an agreement and executing other terms of an agreement
- Confirming the identity of a person or family members at the time of application and when using the services, etc.
- Confirming whether the application conditions have been satisfied
- Determining credit and managing post-credit
- Calculating and/or invoicing the billing amount (including for collection agencies) and managing points
- Disposing of claims and/or rights acquired against the customer, pledging collateral and for other transactions
- For age information notifications when using services of contents providers corresponding to age determining functions
- Notifying of required matters concerning an agreement
- Arranging, sending and after-servicing ordered products
- Communicating with the customer upon the occurrence of fraudulent contracts, unauthorized use and non-payment
- Responding to opinions, requests, inquiries, etc. concerning the services
Purpose of Use (2)For proposals services, products, etc., in relation to purchased services, products, etc., and for communications/notifications etc., to customer that are necessary thereto
As examples, the following purposes of use are included:
- Proposing rate plans to customers when consulted about rates
- Providing information regarding various campaigns, other sales promotion programs, etc. and events, etc. for DOCOMO, partner businesses, member stores, etc.
- Drawing winners, sending prizes and gifts and providing notifications for various campaigns and other sales promotion programs, etc.
- Providing information on products, services, contents, etc. recommended for the customer
- Displaying and transmitting advertisements of DOCOMO and other companies that are appropriate for the customer
- Awarding prizes such as coupons available at DOCOMO, its consolidated subsidiaries and equity method affiliates or d POINT affiliate shops
- Providing information on and display/distribution of advertisements for various products, services, campaigns, and events judged appropriate by DOCOMO (including those sold or conducted by a third party other than DOCOMO)
Purpose of Use (3)For preservation and countermeasures against fraud that are necessary for reliable and stable provision of services, products, etc.
As examples, the following purposes of use are included:
- Operating and maintaining network application systems, etc.
- Preventing and responding to the occurrence of failures, defects, accidents, etc. of products, services, network application systems, etc.
- Preventing the occurrence of, and countermeasures upon the occurrence of, fraudulent contracts, unauthorized use and non-payment
Purpose of Use (4)For planning, developing and improving services, products, etc. and various investigations and analyses
As examples, the following purposes of use are included:
- Planning and development of new products, new services and new technologies
- Improving service quality and improving reception services
- Investigating and analyzing sales status and usage status
- Carrying out investigations concerning awareness and actual conditions concerning products and services, various campaigns and other sale promotion programs, etc. (not limited to those of DOCOMO, partner businesses, member stores, etc.)
- Investigating, analyzing and measuring effects for carrying out various campaigns and other sales promotion programs, etc.
- Carrying out questionnaire investigations
- Survey and analysis of sales/usage status of the products and services of DOCOMO; operation and improvement of the products and services of DOCOMO; planning of new products and services; and questionnaire surveys, and other marketing analysis.
- DOCOMO will not process Personal Data in the following way:
- Unfairly discriminate against the customer in determining whether to provide Services to the customer
- DOCOMO may continue to process Personal Data even after the relevant contract for the Services terminates.
- If DOCOMO processes Personal Data to perform services entrusted from other parties, DOCOMO will use Personal Data only to the extent necessary to perform such entrusted services.
4. Consent to the processing of Personal Data
If so required under the Laws and otherwise we consider appropriate, DOCOMO will obtain your prior consent for (i) the processing of your Personal Data, (ii) transfer of your Personal Data to third parties and/or (iii) any other purpose. You can review and manage the status of your consent(s) which you gave to DOCOMO in various circumstances via "Personal Data Dashboard".
Notwithstanding, to the extent permitted by the Laws, DOCOMO may, without your prior consent, (i) process your Personal Data for purposes other than the purposes provided in 3. (1) and/or (ii) transfer your Personal Data to third parties. However, even in such instance, DOCOMO will give due consideration to your rights and interests.
5. Management of Personal Data by the customer
Under certain circumstances, you may have an opportunity to opt out of (i) the transfer of Personal Data to certain third party and (ii) processing the Personal Data for some specific purpose. You can review and manage the status of your indication for the opt-out via "Personal Data Dashboard."
Please also refer to "Claim Procedures regarding Retained Personal Data, etc." for claim procedures for the disclosure of your Personal Data.
6. Safety management of Personal Data
DOCOMO has declared the "Information Security Policy" as its policy regarding information security, to enable you to use our Services with ease. DOCOMO will take necessary and proper measures to prevent the divulgence, loss or damage of Personal Data and for other safety management of Personal Data.
7. Sub-processing of Personal Data
DOCOMO may use a sub-contractor for our Services, including sales and reception services, troubleshooting services, fee and credit-related services, website and system operation services, event and campaign implementation services, data processing and analysis services and other services. In some instances, such sub-contractor may process your Personal Data on behalf of DOCOMO, to the extent necessary to perform its duties under the sub-contracting contract. In such instance, DOCOMO will select an eligible sub-contractor who is recognized as being able to properly process Personal Data, and will carry out proper supervision thereof.
8. Notice of Other Matters regarding the Processing of Personal Data
If further notifications are required under the Laws, for example, when DOCOMO jointly processes the Personal Data with other parties without your consent or processes anonymized processed information, DOCOMO will post necessary notifications on "Notice of Other Matters regarding the Processing of Personal Data" .
9. Inquiries regarding the processing of Personal Data
Please contact the below customer support desk for inquiries regarding the processing of Personal Data:
NTT DOCOMO, INC.: Customer Service
0570-073-030 (toll); hours of operation: 10:00AM ~ 6:00PM (except Saturdays, Sundays, holidays, and end/beginning of year holidays)
Accredited Personal Information Protection Organization
DOCOMO is covered by the following accredited personal information protection organizations. The customer can also lodge complaints and/or consult with the service desk of each organization on the handling of personal information in the following businesses.
- Service desk concerning telecommunications businesses
- Service desk concerning credit card businesses
December 11, 2019
In order to view PDF files, you must have the Adobe® Reader® plug-in offered free of charge from Adobe Systems, Inc. When viewing the PDF files with Adobe® Acrobat®, use version 10 or later.
These contents will apply to the purpose of use of personal information that were acquired before December 11, 2019, concerning customers who have never been a d POINT CLUB member on and after December 11, 2019.
Exhibit: Additional information for EU and UK citizens
(1) Legal basis of the data processing
DOCOMO may collect, use, store and transfer different kinds of Personal Data which we have grouped together as follows:
Information about your identity, profile, and contact, which includes, for example, customer's ID such as d ACCOUNT and d POINT CARD number, attributes, contact address, date of birth, gender, family structure, and address.
Information about the use of various services, which includes, for example, contract status of various services, usage history, information about articles, images and videos you have posted, information about your behavior when you use the internet or application, names, locations payment of purchased services and products, responses to questionnaires.
Please note that any information falls under the category of "Basic Information", "Location Data" or "Medical and Health Information" as separately described here is not included in this scope.
Information about the location of your device. Such data will be collected by various technologies, which include, for example, the GPS function of the device, utilizing data registered at cell tower, Wi-Fi hotspots or when using other short-range wireless communication technologies.
<Medical and Health Data>
Information related to your medical treatment and health that is collected when you use related service(s). For example, information on medical examinations and other tests conducted by physicians, information on health guidance, medical treatment and dispensing of medicines by physicians,and information on customers' height, weight, activity level.
We have set out below, in a table format, purposes of processing the Personal Data as well as the legal bases we rely on for the processing. We have also identified what our legitimate interests are where appropriate. Please note, with respect to EU and UK Citizen, we do not knowingly collect Personal Data relating to children under the age of 13 and only collect and process Personal Data relating to children under the age of 16 if and to the extent that consent is given or authorized by the holder of parental responsibility over the child.
In addition, if we process any special categories of Personal Data about you as prescribed in Article 9 of GDPR including some information categorized under the Medical and Health Data, we will only to do so based on your explicit consent.
|Purpose||Type of Personal Data||Lawful basis for processing|
|For rendering Services and for communications/notifications to customer that are necessary for the performance of the contract with customer.||
(i) ~ (iii)
|For proposals and offers of Services and for relevant communications/notifications.
(i) and (ii)
(To conduct marketing activities including various campaigns/promotion (but excluding direct marketing that we conduct based on explicit consent ) /
To make suggestions and recommendations that may be of interest to you throw which we aim to grow our business)
(iii), (iv) and in the case of conducting direct marketing by processing (i) or (ii):
|For maintenance of Services and countermeasures against improper activities that are necessary for reliable and stable provision of Services.||
||(i) ~ (iii)
|For planning, developing and improving Services and various investigations and analyses relating to them.||
(i) and (ii):
(To keep records updated/To analyse how customers use Services/ To improve quality of Services/ To analyse how customers use Services)
(iii) and (iv)
(2) Disclosures of your Personal Data
We may share your personal data with third parties, including our subsidiaries and business partners, with your explicit consent and/or in the case otherwise permitted by Laws. We require all third parties to respect the security of your Personal Data and to treat it in accordance with the Laws. Without your explicit consent, we do not allow our third-party service providers (i.e. subcontractors of our services) to process or otherwise use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions
(3) International data transfer
DOCOMO is established and headquartered in Tokyo, Japan, and most of the business partners to whom we may disclose the Personal Data, as controllers and/or as processors, are also based in Japan or elsewhere outside the European Economic Area ("EEA") or the United Kingdom ("UK").
The Personal Data will therefore be collected, transferred, stored and processed outside the EEA or the UK. Japan has been recognised by the European Commission and the UK as being a country which offers adequacy protection for the purposes of GDPR and UK-GDPR. Accordingly, it is lawful for the Personal Data to be collected, transferred, stored and processed by DOCOMO in Japan provided that DOCOMO complies with its obligations as a controller under GDPR and UK-GDPR and as a Personal Information Handling Business Operator under the amended Act on the Protection of Personal Information.
(4) How we keep the Personal Data secure
We have put in place appropriate robust security measures to prevent the Personal Data from being accidentally lost, used or accessed in an unauthorised way, damaged or destroyed, altered or disclosed. We have adopted these measures to ensure the ongoing confidentiality, integrity, availability and resilience of systems and services which process the Personal Data and to ensure that we can restore availability and access to the Personal Data in a timely manner in the event of a physical or technical incident. These measures are regularly tested, assessed and, where appropriate, updated to ensure they remain effective, and they will typically include:
- Technical security measures:
- multiple location, physically secure data centres designed to prevent single points of failure;
- secure system firewalls and authentication controls;
- back-ups and data recovery systems;
- secure encryption technologies; and
- state-of-the-art antivirus and intrusion protection.
- Organisational security measures:
- data system access controls, password controls and privilege management;
- data centre physical access controls;
- security and compliance training for personnel:
- robust data security breach reporting procedures;
- robust DRBC (disaster recovery and business continuity) procedures;
- contractual confidentiality obligations for personnel; and
- background checks for personnel (where appropriate and permitted / required by law).
We have put in place reporting procedures to deal with any suspected data breach and will notify you and any applicable supervisory authority of a breach when we are legally required to do so.
Whenever we engage third party service providers to store and process the Personal Data, we always ensure that those providers also implement appropriate technical and organisational security measures to keep the Personal Data safe and require those providers to adhere to strict contractual requirements for this purpose, as required by GDPR and UK-GDPR.
(5) How long we retain the Personal Data
We will only retain the Personal Data for as long as is necessary for the specific purposes it was collected for or, where relevant, for related compatible purposes such as complying with applicable legal, accounting, or record-keeping requirements.
For example, we often have to retain basic information about our customers for a mandatory period of time after they cease being customers in order to comply with our tax law obligations.
Where there is no specific legal period for retaining the Personal Data then we will determine the appropriate retention period by considering the amount, nature, and sensitivity of the personal data, the potential risk of harm from its unauthorised use or disclosure, the purposes for which we process the Personal Data and whether we can achieve those purposes through other means, and the applicable legal requirements.
In some circumstances you can ask us to delete the Personal Data: see Section 6 below for further information. We may also anonymise the Personal Data (so that you are no longer identifiable from it) for research or statistical purposes. If so then we may use this information indefinitely without further notice to you.
(6) Your personal data rights
You have certain rights for the Personal Data under GDPR or UK-GDPR, some of which only apply in certain circumstances. These rights are:
- Right to access your Personal Data: This gives you the right to receive a copy of the Personal Data we hold about you subject to certain exemptions.
- Right to request correction of your Personal Data: This gives you the right to have any incomplete or inaccurate Personal Data we hold about you corrected.
- Right to request erasure of your Personal Data: This allows you to request us to delete or remove Personal Data. You also have the right to request us to delete or remove your Personal Data where you have exercised your right to object to processing (see below). In certain circumstances this right may not apply, such as where we have a good, lawful reason to continue using the information in question, and if so we shall inform you of such reasons at the relevant time.
- Right to object to processing of your Personal Data: You can object to us processing your Personal Data for legitimate interests purposes or for direct marketing. We must then stop processing your personal data unless we have a strong reason to continue which overrides your objection. If your objection is to direct marketing, we must always stop.
- Right to restrict how your Personal Data is used: You can limit how we use your Personal Data in certain circumstances. Where this applies, any processing of your Personal Data (other than storing it) will only be lawful with your consent or where required for legal claims, protecting certain rights or important public interest reasons.
- Right to have a portable copy or to transfer your Personal Data: You can request us to provide you, or (where technically feasible) a third party, with a copy of your Personal Data in a structured, commonly used, machine-readable format. Note this only applies to Personal Data which we obtain from you and, using automated means, process on the basis of your consent or in order to perform a contract.
- Right to withdraw consent: If we are relying on consent to process your personal data then you have the right to withdraw that consent at any time.
If you want to exercise any of the rights described above then please contact us as explained in Section 7 below. We try to respond to the requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. Please also bear in mind that there are exceptions to the rights above and some situations where they do not apply.
We may need to request additional information from you to help us confirm your identity. This is a security measure to ensure that your Personal Data is not disclosed to any person who has no right to receive it. We may also contact you to ask you to clarify your request.
You will not normally have to pay a fee to access your Personal Data (or to exercise any of your other rights). However, we may charge a reasonable fee if your request is manifestly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.
NTT DOCOMO, INC. is the controller and is responsible for your Personal Data.
We have appointed a Data Protection Representative in the European Union and the UK to support you with any data protection or privacy related queries which you may have. If you have any questions about this Exhibit, or if you wish to exercise your legal rights (as explained in Section 6 above) please contact us or our EU Data Protection Representative or UK Data Protection Representative using the following details:
- Company name: NTT DOCOMO, INC.
Email address: email@example.com
Postal address: Sanno Park Tower
11-1, Nagata-cho 2-chome,
Chiyoda-ku, Tokyo 100-6150 Japan
Telephone number: +81 3 5156 1111
- EU Data Protection Representative: Digital Germany GmbH
Email address: firstname.lastname@example.org
Postal address: Fritz-Vomfelde-Str. 18, 40547 Düsseldorf, Germany
Telephone number: +49-211-970200
- UK Data Protection Representative: DOCOMO Europe Limited
Email address: email@example.com
Postal address: 1 King William Street, London, EC4N 7AR
Telephone number: +44(0)20-7481-6300