Privacy Policy

This Privacy Policy explains how we use the personal information that KDDI Europe Limited collects or generates both in relation to our website [https://www.eu.kddi.com/privacypolicy/] and our products and services. The list below sets out what is covered in this Privacy Policy and you can click on the headings below to go to a specific section.

KDDI Europe Limited with its registered office at 6th floor, 3 Thomas More Square、London E1W 1YW (“KDDI Europe”) collects and uses certain Personal Data (as defined below). KDDI Europe is responsible for ensuring that it uses that Personal Data in compliance with data protection laws. For the purposes of data protection laws, KDDI Europe acts as a “Data Controller” with respect to certain Personal Data and may receive such information about you. We may also process Personal Data as a “Data Processor” on behalf of our clients on their documented instructions. For more information about how your data is used by KDDI Europe when we are a Data Processor, please contact the client directly.

At KDDI Europe, we respect the privacy of our clients and we are committed to keeping all your Personal Data secure. This Privacy Policy governs the handling of Personal Data by KDDI Europe in the course of carrying on commercial activities.

We use the following definitions in this Privacy Policy: “we”, “our” or “us” means KDDI Europe.

“Data Controller” means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of Personal Data; where the purposes and means of such processing are determined by European Union, UK or Member State law, the controller or the specific criteria for its nomination may be provided for by European Union, UK or Member State law.

“Data Processor” means a natural or legal person, public authority, agency or other body which processes Personal Data on behalf of the controller.

“Personal Data” means any data which relates to a living individual who can be identified from that data or from that data and other information which is in the possession of, or is likely to come into the possession of, KDDI Europe (or its representatives or service providers). In addition to factual information, it includes any expression of opinion about an individual and any indication of the intentions of KDDI Europe or any other person in respect of an individual.

This Privacy Policy concerns the following categories of information that we collect about you when providing the following products and services:
(A) Information we receive through our website ("KDDI Europe Website");
(B) Information we receive through our products ("KDDI Europe Products"); and
(C) Information we receive through our co-location, support, or cloud-based services ("KDDI Europe Services").

Many of the services offered by KDDI Europe require us to obtain Personal Data about you in order to perform the KDDI Europe Services we have been engaged to provide. In relation to each of the services described at paragraph 2.0 above, we will collect and process the following Personal Data about you:

• Information that you provide to KDDI Europe. This includes information about you that you provide to us (whether by filling in forms on the KDDI Europe Website (including our “Contact Us” form), during telephone calls with us, or otherwise). The nature of the services you are requesting (in the case of customers) will determine the kind of Personal Data we might ask for, though such information may include (by way of a non-exhaustive list):

- basic Personal Data (such as first name; family name; position in the company; company name; company email address; business phone number; business address; city; postcode; country; link to LinkedIn).

• Information that we collect or generate about you. This includes (by way of non-exhaustive list):

For customers and suppliers:
- Information collected during the course of maintaining security of our sites (including CCTV images).

For customers only:
- a file with your contact history to be used for enquiry purposes so that we may ensure that you are satisfied with the services which we have provided to you;
- through our cloud security services, traffic and security reports that include information on the internet usage of the organisation’s computer users (e.g. what websites were visited by each user, any documents downloaded, security incidents, prevention measures taken by the gateway, etc.); and
- activity data relating to the use of protected documents, such as altering a document’s permissions and information regarding the individual that performed the activity.

• Information we obtain from other sources.

• Cookies
- When you visit the KDDI Europe Website, cookies are used to collect technical information about the services that you use, and how you use them.
- For more information on the cookies used by KDDI Europe please see our Cookie Policy which is available on the KDDI Europe Website [http://global.kddi.com/detail/cookie-policy.html].

• Anonymized data
- In addition to the categories of Personal Data described above, KDDI Europe will also use other information and data that is not personal data. Such other information and data is not used by reference to a specific individual.

• List brokers
- We receive personal data from list brokers from time to time in order to build our contact data base.

• Industry Events
- When we sponsor industry events such as trade shows, delegates are issued with badges with a barcode which we can scan to collect their contact details when they visit the KDDI Europe stand at the event. The event organisers collect the data from our scanners and provide it to us in the form on an Excel document. This data is then uploaded to our marketing automation system.

Your Personal Data may be stored and processed by us in the following ways and for the following purposes:
• to communicate with you in order to provide you with services or information about KDDI Europe and KDDI Europe Products (including to notify you about changes to existing KDDI Europe Products and Services that you purchase from us);
• to set up customers to use KDDI Europe Products;
• for the management and administration of our business;
• for ongoing review and improvement of the information provided on the KDDI Europe Website to ensure they are user friendly and to prevent any potential disruptions or cyber attacks;
• to allow you to use and access the functionality provided by the KDDI Europe Products for the purposes of assessing whether KDDI Europe Products are suitable for your purposes;
• to assess your application for KDDI Europe Products, where applicable;
• to conduct analysis required to detect malicious data and understand how this may affect your IT system;
• for statistical monitoring and analysis of current attacks on devices and systems and for the on-going
adaptation of the solutions provided to secure devices and systems against current attacks;
• to understand feedback on KDDI Europe Products and to help provide more information on the use of those products and services quickly and easily;
• for in-depth threat analysis;
• to understand your needs and interests;
• in order to comply with and in order to assess compliance with applicable laws, rules and regulations, and
internal policies and procedures; or
• for the administration and maintenance of databases storing Personal Data.

However we use Personal Data we make sure that the usage complies with law and the law allows us and requires us to use Personal Data for a variety of reasons. These include:
• we need to do so in order to perform our contractual obligations with our customers and suppliers;
• we have obtained your consent;
• we have legal and regulatory obligations that we have to discharge;
• we may need to do so in order to establish, exercise or defend our legal rights or for the purpose of legal proceedings;
• the use of your Personal Data as described is necessary for our legitimate business interests, such as:
- allowing us to effectively and efficiently manage and administer the operation of our business;
- maintaining compliance with internal policies and procedures;
- monitoring the use of our copyrighted materials;
- enabling quick and easy access to information on KDDI Products;
- offering optimal, up-to-date security solutions for mobile devices and IT systems; and
- obtaining further knowledge of current threats to network security in order to update our security solutions and provide these to the market.

We will take steps to ensure that the Personal Data is accessed only by employees of KDDI Europe or designated third parties (refer to section 5.0 below) that have a need to do so for the purposes described in this Privacy Policy.

We may also share your Personal Data outside of KDDI Europe for the following limited purposes:

• with our business partners. For example, this could include our affiliates and partners from whom you or your company or your organisation purchased the KDDI Europe Product(s) (where applicable). Personal Data will only be transferred to a business partner who is contractually obliged to comply with appropriate data protection obligations and the relevant privacy and confidentiality legislation;

• with third party agents, contractors and service providers for the purposes of providing services to us (for example, KDDI Europe’s accountants, professional advisors, IT and communications providers, debt collectors). These third parties will be subject to appropriate data protection obligations and they will only use your Personal Data as described in this Privacy Policy;

• to the extent required by law, for example if we are under a duty to disclose your Personal Data in order to comply with any legal obligation (including, without limitation, in order to comply with tax reporting requirements and disclosures to regulators), or to establish, exercise or defend its legal rights;

• if we sell our business or assets, in which case we may need to disclose your Personal Data to the prospective buyer for due diligence purposes; and

• if we are acquired by a third party, in which case the Personal Data held by us about you will be disclosed to the third party buyer.

• If we need your explicit consent for the collection, use, disclosure and other processing of your Personal Data for certain projects which involve the sharing of your Personal Data with certain third parties which we engage in from time to time, this consent will always be obtained in writing from you by means of a letter emailed to us (or provided by some other traceable means).

KDDI Europe is a global business. Our suppliers, customers and our operations are spread around the world. As a result we collect and transfer Personal Data on a global basis. That means that we may transfer your Personal Data to locations outside of the United Kingdom.

Where we transfer your Personal Data to another country outside the U.K. or EEA, we will ensure that it is protected and transferred in a manner consistent with legal requirements. In relation to data being transferred outside of the U.K. or Europe, for example, this may be done in one of the following ways:
• the country that we send the data to might be approved by the secretary of state as offering an adequate level of protection for Personal Data (e.g. Israel and Canada are approved countries);

• the recipient might have signed up to a contract based on Standard Contractual Clauses approved by the European Commission or UK government, obliging them to protect your Personal Data;

• in other circumstances the law may permit us to otherwise transfer your Personal Data outside the United Kingdom.

You can obtain more details of the protection given to your Personal Data when it is transferred outside the UK or Europe (including a copy of the standard data protection clauses which we have entered into with recipients of your Personal Data) by contacting us as described in paragraph 11 below.

We have extensive controls in place to maintain the security of our information and information systems. Client files are protected with safeguards according to the sensitivity of the relevant information. Appropriate controls (such as restricted access) are placed on our computer systems. Physical access to areas where Personal Data is gathered, processed or stored is limited to authorised employees.

As a condition of employment, KDDI Europe employees are required to follow all applicable laws and regulations, including in relation to data protection law. Access to sensitive Personal Data is limited to those employees who need to it to perform their roles.

Unauthorised use or disclosure of confidential client information by a KDDI Europe employee is prohibited and may result in disciplinary measures.

When you contact a KDDI Europe employee about your file, you may be asked for some Personal Data. This type of safeguard is designed to ensure that only you, or someone authorised by you, has access to your file.

How long we will hold your Personal Data for will vary and will be determined by the following criteria:

• the purpose for which we are using it– KDDI Europe will need to keep the data for as long as is necessary for that purpose; and

• legal obligations –laws or regulation may set a minimum period for which we have to keep your Personal Data.

In all the above cases in which we collect, use or store your Personal Data, you may have the following rights and, in most cases, you can exercise them free of charge. These rights include:

• the right to obtain information regarding the processing of your Personal Data and access to the Personal Data which we hold about you;

• the right to withdraw your consent to the processing of your Personal Data at any time. Please note, however, that we may still be entitled to process your Personal Data if we have another legitimate reason for doing so. For example, we may need to retain Personal Data to comply with a legal obligation;

• in some circumstances, the right to receive some Personal Data in a structured, commonly used and machine-readable format and/or request that we transmit those data to a third party where this is technically feasible. Please note that this right only applies to Personal Data which you have provided directly to KDDI Europe ;

• the right to request that we rectify your Personal Data if it is inaccurate or incomplete;

• the right to request that we erase your Personal Data in certain circumstances. Please note that there may be circumstances where you ask us to erase your Personal Data but we are legally entitled to retain it;

• the right to object to, or request that we restrict, our processing of your Personal Data in certain circumstances. Again, there may be circumstances where you object to, or ask us to restrict, our processing of your Personal Data but we are legally entitled to refuse that request; and

• the right to lodge a complaint with the relevant data protection regulator if you think that any of your rights have been infringed by us.

You can exercise your rights by contacting us using the details listed in paragraph 11 below.

KDDI Europe’s registered office may be contacted using the following contact information:

Address: 6th floor, 3 Thomas More Square、London E1W 1YW

Email Address:DataProtection@uk.kddi.eu

If you have any questions or concerns about KDDI Europe’s handling of your Personal Data, or about this Policy, please contact us using the following contact information:

For KDDI Europe:

Address: FAO: Data Protection Team, KDDI Europe Limited, 6th Floor, 3 Thomas More Square, London, E1W 1YW

Email Address:DataProtection@uk.kddi.eu

We are usually able to resolve privacy questions or concerns promptly and effectively. If you are not satisfied with the response you receive from our Data Protection Team, you may escalate concerns to the applicable privacy regulator in your jurisdiction. Upon request, KDDI Europe’s Data Protection Team will provide you with the contact information for that regulator.