Customer Data Privacy Policy

KDDI Hong Kong (the “Company” or “we” or “our” or “us”) acknowledges the importance of safeguarding and protecting personal data (the “Personal Data”) of our customers. This Customer Data Privacy Policy (this “Policy”) sets out the Company rules and guidelines relating to the collection, disclosure, processing, use, and safeguarding of Personal Data by the Company in relation to our marketing practices, in adherence with the applicable laws and regulations. This Policy also describes your legal rights under the applicable laws and regulations with respect to such Personal Data. You have the right to refuse to consent to the terms of this Policy, but if you do not consent or provide your Personal Data, you may not be able to use our services.

The Company collects customer’s business contact information, which includes, but is not limited to, a name, company name, industry, position, job title, telephone number, postal address, email address and any other similar information about the customer, but not includes the information provided by the customer solely for his or her personal purposes.

2.1 The Company collects Personal Data in several ways through voluntary provision by customers, including but not limited to the following manners:

    (a) When a customer contacts the Company for enquiries, via any mode of communication;
    (b) When a customer requests the Company to respond in writing or to return a telephone call;
    (c) When a customer registers for or attends Company-hosted or sponsored events, such as webinars, conferences, and seminars; and.
    (d) When a customer and the Company exchange business cards.

2.2 The Company shall notify its customers of the intended purpose for which the Personal Data will be used, processed and disclosed when the Company collects or attempts to collect Personal Data from its customers, .

2.3 If the customer voluntarily provides us any Personal Data for any reason, it will be deemed that you consent that we may use such Personal Data in accordance with this Policy.

3.1 The Personal Data which the Company collects from customers may be collected, used, processed and/or disclosed based on your consent, our legitimate interests or legal obligations for the following purposes:

    (a)    carrying out due diligence or other screening in accordance with any legal or regulatory obligations or the Company’s risk management procedures that may be required by law or that may have been put in place by the Company;
    (b)   conducting research, analysis and development activities (including but not limited to data analytics, surveys and/or profiling) to improve the Company’s products, services and facilities in order to enhance the business for the Company’s business partners’ benefits;
    (c)    communicating with business partners and customers for direct advertising or other forms of marketing or advertising;
    (d)   sharing information within the services and systems operated by the Company to be utilize such information for the Company’s various services;
    (e)    improving and expanding our marketing activities;
    (f)     providing our customers with information of the Company’s events, seminars, etc. and conducting public relations activities;
    (g)   distributing e-mail magazines, questionnaires, etc. to our customers;
    (h)   responding to inquiries from our customers;
    (i)      storing, hosting, backing up (whether for disaster recovery or otherwise) of customer’s Personal Data, whether within or outside the country of your residence; and
    (j)      if it becomes necessary by court order to cooperate with the data protection authority, complying with or as required by any applicable laws and regulations, request or direction of any government agency and/or regulatory authority, or public agencies, ministries, statutory boards or other similar authorities. For the avoidance of doubt, this means that the Company may/will disclose Personal Data to the aforementioned parties upon their request or direction.

4.1 The Company may disclose the above stated Personal Data to third parties, including but not limited to the following, whether they are located overseas for one or more of the above stated purposes subject to the applicable laws and regulations:

(a) KDDI group companies;
(b) agents, contractors, or service providers;
(c) business partners;
(d) banks, or other financial institutions;
(e) professional advisers such as consultants, auditors, and lawyers; or
(f) government or public agencies.

4.2 The Company may transfer Personal Data to countries outside of the country of your residence whose laws and regulations may not provide the same level of the data protection. In such cases, the Company shall take such steps to ensure that the receiving party is bound by legally enforceable obligations to provide a standard of protection to the Personal Data transferred that is comparable to the standard of protection afforded under the applicable laws and regulations.

4.3　Third parties to whom we disclose your Personal Data pursuant to Section 4.1 will retain customers’ Personal Data for those periods necessary to fulfil the purposes, unless a longer retention period is required or permitted under the applicable laws and regulations. If these third parties no longer needs customers’ Personal Data to fulfill the purposes, they will delete or anonymize the Personal Data from their databases in accordance with the applicable laws and regulations

4.4 If you wish to refuse transfer your Personal Data to a country countries outside of the country of your residence, please contact us at the contact information prescribed in “12. Contact Us”. Please note that if you refuse to consent to transfer your Personal Data to a country countries outside of the country of your residence, you may not be able to use our services.

5.1 The Company respects the confidentiality of the Personal Data that customers have provided to the Company.

5.2 In that regard, the Company will not disclose any of customers’ Personal Data to any third parties without first obtaining their express consent permitting it to do so. You have the right to refuse to consent to the disclosure of your Personal Data to third parties, but if you do not consent, you may not be able to use our services. However, the Company may disclose customers’ Personal Data to third parties without first obtaining their consent in certain situations, including, without limitation, to the fullest extent permitted by the applicable laws and regulations, the following:

    (a) cases in which the disclosure is required based on the applicable laws and regulations;
    (b) cases in which the purpose of such disclosure is clearly in the customers’ interests, and if consent cannot be obtained in a timely way;
    (c) cases in which the Personal Data is critically required for the protection of a person's life, body, or property, and the consent from the customers cannot be obtained in a timely way;
    (d) cases in which there are reasonable grounds to believe that the health or safety of a customer will be seriously affected and consent for the disclosure of the Personal Data cannot be obtained in a timely way, provided that the Company shall, as soon as may be practicable, notify the customer of the disclosure and the purposes of the disclosure;
    (e) cases in which the disclosure is necessary for any investigation or proceedings by public authorities
    (f) cases in which the Personal Data is disclosed to any officer of a prescribed law enforcement agency, upon production of written authorisation signed by the head or director of that law enforcement agency or a person of a similar rank, certifying that the Personal Data is necessary for the purposes of the functions or duties of the officer; and/or
    (g) cases in which the disclosure is to a public agency and such disclosure is necessary in the public interest.

5.3 In all other instances of disclosure of Personal Data to third parties with customers’ consent, the Company will endeavour to provide adequate supervision over the use and processing of the Personal Data by such third parties, as well as to provide for adequate forms of protection over such Personal Data.

6.1 A customer may apply to access a copy of his/her Personal Data retained by the Company, or request for such Personal Data to be deleted or corrected, as permitted under the applicable laws and regulations, by contacting us in the manner set forth in Section 12 (Contact Us). Please be informed that the Company may charge an administrative and service fee to access the Personal Data for the requested purpose and will inform such fee amount to the requester, accordingly.

6.2 The Company would usually respond to an access, deletion or correction request within a reasonable time. However, if the Company is unable to respond within thirty (30) days after receiving an access, deletion or correction request, the Company will inform the requester in writing providing the estimated number of days it will take to revert back. If the Company is unable to provide the requester with access to the requested Personal Data or to make a deletion or correction as requested, the Company shall generally inform the requester of the reasons why the Company is unable to do so (except where the Company is not legally required under the applicable laws and regulations).

7.1 A customer may request to withdraw his/her consent for the Company to collect, use, process or disclose his/her Personal Data for any purpose by contacting us in the manner set forth in Section 12 (Contact Us). In some cases, withdrawing consent may hinder the Company’s ability to facilitate, process, administer, provide or maintain services to the requester.

7.2 The Company will process the customer’s request within a reasonable time from such a request for withdrawal of consent being made, and will thereafter refrain from collecting, using, processing and/or disclosing their Personal Data in the manner stated in their request.

7.3 Notwithstanding the preceding paragraphs, the Company may, if necessary, retain Personal Data and records in accordance with the applicable laws and  regulations although a customer may withdraw his/her consent.

8.1 The Company may engage following data intermediary to process customers’ Personal Data on behalf of the Company.
(a)    Outsourcing the processing of Personal Data to Marketo Inc. for the use of marketing automation tools.

8.2 The Company undertakes an appropriate level of due diligence to assure that the data intermediary engaged by the Company to process Personal Data is compliant with the applicable laws and regulations.

9.1 The Company will take reasonable measures to protect Personal Data from any unauthorised access or modification, improper collection, use or disclosure, unlawful destruction or accidental loss, in consistent with the applicable laws and regulations. In the event that incidents, such as a leak of the Personal Data occur, we will endeavour to minimize the damage by taking prompt action.

9.2 The Company has implemented required security practices and standards in line with the global standards and has a comprehensive documented information security program and policy in place, which contains managerial, technical, operational and physical security control measures that commensurate with the information assets being protected with our nature of business. It is being reviewed periodically to keep pace with business, technology and regulatory changes.

The Company will retain customers’ Personal Data for those periods necessary to fulfil the purposes, unless a longer retention period is required or permitted under the applicable laws and regulations. If the Company no longer needs customers’ Personal Data to fulfill the purposes, the Company will delete or anonymize the Personal Data from our databases in accordance with the applicable laws and regulations. The Company will use customers’ Personal Data within the region in which it is collected, processed and/or disclosed.

You have the right to complain to your local data protection authority, or to a court of law, if your data protection rights are violated under the applicable data protection laws. You may be entitled to claim compensation for damages or distress incurred or suffered in consequence of unlawful processing of your Personal Data.

If you have any comments or questions regarding this Policy or the ways in which we collect and use your Personal Data, or you wish to exercise any of your rights under the applicable laws and regulations, please do not hesitate to contact us at:

13.1 As part of the Company’s efforts to ensure that it properly manages, protects and processes customers’ Personal Data, the Company will be reviewing its policies, procedures and processes from time to time.

13.2 The Company reserves the right to amend and update the terms of this Policy at its absolute discretion.

13.3 Customers are encouraged to visit this Policy from time to time to ensure that they are well informed of the Company’s latest policies in relation to the protection of the Personal Data.