NTT DOCOMO Privacy Policy
NTT DOCOMO, INC. ("DOCOMO") is rendering various services and products (collectively "Services") so that our customer can enjoy a rich and comfortable life. For rendering the Services and conducting other relevant business activities, we may collect your Personal Data (not limited to personal information as set forth in the Act on the Personal Information and Specific user information forth in the Telecommunications Business act, and including all data concerning an individual) in certain instances. We believe that the proper processing of Personal Data in our business activities is our important duty. To reflect our belief and sincerely regulate ourselves, we have enacted and published the "NTT DOCOMO Personal Data Charter".
In line with the philosophy of "NTT DOCOMO Personal Data Charter", DOCOMO sets forth this Privacy Policy as a policy concerning the processing of Personal Data.
This Privacy Policy also elaborates "how DOCOMO processes Personal Data" and "how the customer can manage their own Personal Data." We published "Understand by Knowing! DOCOMO's Use of Personal Data (in Japanese only)" to explain them more specifically and in a way that make them easier to understand, and so please also refer thereto.
1. Proper processing of Personal Data
We will comply with the applicable domestic and foreign laws and regulations, guidelines (collectively "Laws") in processing Personal Data and continuously improve this Privacy Policy. We will collect your Personal Data only by proper means and securely manage your Personal Data under our proper data management structure. In addition, we will implement proper company regulations and carry out necessary educational training of employees. By doing so, DOCOMO will make our best endeavors for our customers so that they can use convenient, safe and secure Services.
2. Collecting of Personal Data
DOCOMO will collect Personal Data in the following instances:
- When directly provided by the customer to DOCOMO:
For example, DOCOMO will collect your Personal Data when you fill out the application form for ordering our Services at a DOCOMO shop or you register and/or send the Personal Data from your smartphone when using our Services. - When automatically recorded when the customer uses our Services:
For example, when you use our Services on the internet, information regarding usage history of the Services may be automatically recorded in DOCOMO's server. Similarly, information recorded on your device (such as a smartphone) may be automatically sent to DOCOMO according to the settings of the device. In certain instances, such information includes your Personal Data. - When indirectly obtained from third party when the customer uses the third party services:
For example, when you use dPOINT at our member shop, DOCOMO may collect relevant shopping history at the member shop. Similarly, the member shop may provide us with such information.
3. Purpose of processing of Personal Data
- DOCOMO will process your Personal Data for the following purposes:
-
Purpose of Use (1)For provision of services, products, etc., and for communications/notifications etc. to customer that are necessary for the performance of the agreement with customer.
Open
As examples, the following purposes of use are included:
- Providing various services and functions under the terms of an agreement and executing other terms of an agreement
- Confirming the identity of a person or family members at the time of application and when using the services, etc.
- Confirming whether the application conditions have been satisfied
- Determining credit and managing post-credit
- Calculating and/or invoicing the billing amount (including for collection agencies) and managing points
- Disposing of claims and/or rights acquired against the customer, pledging collateral and for other transactions
- For age information notifications when using services of contents providers corresponding to age determining functions
- Notifying of required matters concerning an agreement
- Arranging, sending and after-servicing ordered products
- Communicating with the customer upon the occurrence of fraudulent contracts, unauthorized use and non-payment
- Responding to opinions, requests, inquiries, etc. concerning the services
-
Purpose of Use (2)For proposals services, products, etc., in relation to purchased services, products, etc., and for communications/notifications etc., to customer that are necessary thereto
Open
As examples, the following purposes of use are included:
- Proposing rate plans to customers when consulted about rates
- Providing information regarding various campaigns, other sales promotion programs, etc. and events, etc. for DOCOMO, partner businesses, member stores, etc.
- Drawing winners, sending prizes and gifts and providing notifications for various campaigns and other sales promotion programs, etc.
- Providing information on products, services, contents, etc. recommended for the customer
- Displaying and transmitting advertisements of DOCOMO and other companies that are appropriate for the customer
-
Purpose of Use (3)For preservation and countermeasures against fraud that are necessary for reliable and stable provision of services, products, etc.
Open
As examples, the following purposes of use are included:
- Operating and maintaining network application systems, etc.
- Preventing and responding to the occurrence of failures, defects, accidents, etc. of products, services, network application systems, etc.
- Preventing the occurrence of, and countermeasures upon the occurrence of, fraudulent contracts, unauthorized use and non-payment
-
Purpose of Use (4)For planning, developing and improving services, products, etc. and various investigations and analyses
Open
As examples, the following purposes of use are included:
- Planning and development of new products, new services and new technologies
- Improving service quality and improving reception services
- Investigating and analyzing sales status and usage status
- Carrying out investigations concerning awareness and actual conditions concerning products and services, various campaigns and other sale promotion programs, etc. (not limited to those of DOCOMO, partner businesses, member stores, etc.)
- Investigating, analyzing and measuring effects for carrying out various campaigns and other sales promotion programs, etc.
- Carrying out questionnaire investigations
Further, if the customer consents to the terms of agreement of the "Use of Location Information" separately set forth by DOCOMO, the location information will be used to the extent necessary for achieving the following purposes of use:
- For granting benefits such as coupons that can be used at DOCOMO, DOCOMO's consolidated subsidiaries and equity-method affiliates, or dPOINT member stores, and providing information and displaying/distributing advertisement concerning the various products, services, campaigns and events (including those of third parties other than DOCOMO) that DOCOMO determines to be appropriate; and
- For investigating and analyzing the sales/usage status of DOCOMO's products and Services, operating/improving DOCOMO's products and Services, planning for new products and new Services, questionnaire investigations and other marketing analysis.
- If the customer wishes to suspend the use of the location information in the above purpose of use the customer consented to, the customer should change the customer's Personal Data Dashboard settings. In addition, please be advised that the location information acquired prior to the changes to the settings being reflected may be used.
- Notwithstanding the above consent, DOCOMO will be acquiring/using the location information by obtaining the customer's consent to the extent required for the provision of electrical transmission services or is otherwise permitted by the laws and regulations or in the individual Services, apps, etc. Furthermore, please execute the suspension of use of the location information independently used in the individual Services, apps, etc. pursuant to the method specified in the individual Services, apps, etc.
[Customer Analysis by DOCOMO]
By analyzing personal data such as service usage history and location information, personal data will be analyzed within the scope of the purpose of use set forth in this Privacy Policy, for example, by estimating the interests, preferences, and trends of the customer and using it to propose services and products, distribute advertisements, and develop services and products in response to them, or by estimating the health status of the customer and using it to provide services in response to them. When analyzing the Personal Data, we will be conscious of whether it will be for the customer's benefit and whether it will contribute to society, and not make any use that would harm the customer's credibility, and do not use it in a way that undermines customer trust. Please confirm the "Understand by Knowing! DOCOMO's Use of Personal Data(in Japanese only)" for details and the following for specific usage examples.
-
Purpose of use for Customer analysis
Open
- Analyzing personal data such as service usage history, website browsing history, purchase history, location information, and contract details obtained from each service, and making proposals and distributing advertisements for services and products in response to customers' interests, preferences, and tendencies.
- The results of analysis and aggregation using the personal data of customers shall be statistically analyzed so as not to identify the individual customer and its aggregation so that the individual customer cannot be identified and providing such information to partner businesses and other third parties.
- To develop, provide, and improve services and products by analyzing personal data such as service usage history and location information acquired by each service to estimate and predict health conditions, etc.
- Explaining the purposes of use and provisions to partner businesses to the customer by each Service and measure, and analyzing the customer's Personal Data to the extent consented to thereby, and using and providing the results of analysis thereof.
- Analyzing personal data such as service usage history, customer information and contract details obtained from each service, and taking countermeasures against fraud in order to prevent fraudulent contracts, unauthorized use, etc.
[Use of Customer Service Contents (Audio and Video Recordings)]
DOCOMO will record the audio and video of customer service contents, as necessary, at docomo shop stores and will use the customer service contents to the extent of the purposes of use set forth in this Privacy Policy, including the purposes set forth below:
- To accurately understand the responses to the opinions, requests, and inquiries from customers regarding the services
- To improve the quality of customer service
- To ensure employee safety based on the “Docomo Group's Basic Policy on Customer Harassment (PDF format:107KB)”
- DOCOMO will not process Personal Data in the following way:
- Unfairly discriminate against the customer in determining whether to provide Services to the customer
- DOCOMO may continue to process Personal Data even after the relevant contract for the Services terminates.
- If DOCOMO processes Personal Data to perform services entrusted from other parties, DOCOMO will use Personal Data only to the extent necessary to perform such entrusted services.
4. Consent to the processing of Personal Data
If so required under the Laws and otherwise we consider appropriate, DOCOMO will obtain your prior consent for (i) the processing of your Personal Data, (ii) transfer of your Personal Data to third parties (including third parties in foreign countries) and/or (iii) any other purpose. You can review and manage the status of your consent(s) which you gave to DOCOMO in various circumstances via "Personal Data Dashboard".
Notwithstanding, to the extent permitted by the Laws, DOCOMO may, without your prior consent, (i) process your Personal Data for purposes other than the purposes provided in 3. (1) and/or (ii) transfer of your Personal Data to third parties (including third parties in foreign countries). However, even in such instance, DOCOMO will give due consideration to your rights and interests.
5. Management of Personal Data by the customer
Under certain circumstances, you may have an opportunity to opt out of (i) the transfer of Personal Data to certain third party and (ii) processing the Personal Data for some specific purpose. You can review and manage the status of your indication for the opt-out via "Personal Data Dashboard."
Please also refer to "Claim Procedures regarding Retained Personal Data, etc." for claim procedures for the disclosure of your retained personal data.
In addition, please refer to "Disclosure Request Procedures for Records on Third Party Provisions concerning personal data" with respect to the disclosure request procedures for records provided to third parties regarding the customer's personal data.
6. Safety management of Personal Data
DOCOMO has declared the "Information Security Policy" as its policy regarding information security, to enable you to use our Services with ease. DOCOMO will take necessary and proper measures to prevent the divulgence, loss or damage of Personal Data and for other safety management of Personal Data.
In addition, DOCOMO will publish the timing and details of matters that must be made public in accordance with Telecommunications Business Act in the "Notice of leakage regarding the Specific user information" section every year.
7. Sub-processing of Personal Data
DOCOMO may use a sub-contractor for our Services, including sales and reception services, troubleshooting services, fee and credit-related services, website and system operation services, event and campaign implementation services, data processing and analysis services and other services. In some instances, such sub-contractor may process your Personal Data on behalf of DOCOMO, to the extent necessary to perform its duties under the sub-contracting contract. In such instance, DOCOMO will select an eligible sub-contractor who is recognized as being able to properly process Personal Data, and will carry out proper supervision thereof.
8. Notice of Other Matters regarding the Processing of Personal Data
If further notifications are required under the Laws, for example, when DOCOMO jointly processes the personal data with other parties without your consent or processes anonymized processed information or pseudonymized processed information, Safety management method, DOCOMO will post necessary notifications on "Notice of Other Matters regarding the Processing of Personal Data" .
9. Inquiries regarding the processing of Personal Data
Please contact the below customer support desk for inquiries regarding the processing of Personal Data:
NTT DOCOMO, INC.: Customer Service
0570-073-030 (toll); hours of operation: 10:00AM ~ 6:00PM (except Saturdays, Sundays, holidays, and end/beginning of year holidays)
Accredited Personal Information Protection Organization
DOCOMO is covered by the following accredited personal information protection organizations. The customer can also lodge complaints and/or consult with the service desk of each organization on the handling of personal information in the following businesses.
- Service desk concerning telecommunications businesses 03-5907-3803 (toll)
- Service desk concerning credit card businesses 03-5645-3360 (toll)
- Service desk concerning money lending business 0570-051-051 (toll)
- Service desk concerning consumer advisors and consultants
Nippon Association of Consumer Specialists (in Japanese only)
03-6434-1125 (toll)
10. Amendment to the Privacy Policy
DOCOMO may amend this Privacy Policy as necessary according to the laws and regulations and for business reasons. Amendments, etc. will be published on the website. In addition, DOCOMO shall take measures pursuant to laws and regulations depending on the amendments.
August 30,2024
NTT DOCOMO, INC.
Yoshiaki Maeda, The President and CEO
Sanno Park Tower, 2-11-1 Nagata-cho, Chiyoda-ku, Tokyo, 100-6150, Japan
PDF Downloads
NTT DOCOMO Privacy Policy is available for download by clicking on the link below.
NTT DOCOMO Privacy Policy (in Japanese only)
-
In order to view PDF files, you must have the Adobe® Reader® plug-in offered free of charge from Adobe Systems, Inc. When viewing the PDF files with Adobe® Acrobat®, use version 10 or later.
- These contents will apply to the purpose of use of personal information that were acquired before December 11, 2019, concerning customers who have never been a d POINT CLUB member on and after December 11, 2019.
- We do not use OCN service (in Japanese only) personal information or other personal information obtained prior to June 30, 2023 under the terms of service, etc. to which the OCN Service Privacy Policy (in Japanese only) applies, to provide inform customers of services outside our company. (This does not apply if you agree to the NTT DOCOMO Privacy Policy after July 1, 2023.).
Exhibit: Additional information for EU and UK citizens
In the following, DOCOMO provides you with the additional information as required in accordance with the General Data Protection Regulation 2016/679 ("GDPR") and the United Kingdom Genera Data Protection Regulation ("UK-GDPR"). This Exhibit A supplements the information provided in the main body of the "NTT DOCOMO Privacy Policy" to the extent required under GDPR and UK-GDPR. Capitalized terms not defined in this Exhibit have the same meanings ascribed to them in the "NTT DOCOMO Privacy Policy."
(1) Legal basis of the data processing
DOCOMO may collect, use, store and transfer different kinds of Personal Data which we have grouped together as follows:
<Basic Data>
Information about your identity, profile, and contact, which includes, for example, customer's ID such as d ACCOUNT and d POINT CARD number, attributes, contact address, date of birth, gender, family structure, and address.
<Usage Data>
Information about the use of various services, which includes, for example, contract status of various services, usage history, information about articles, images and videos you have posted, information about your behavior when you use the internet or application, names, locations payment of purchased services and products, responses to questionnaires.
Please note that any information falls under the category of "Basic Information", "Location Data" or "Medical and Health Information" as separately described here is not included in this scope.
<Location Data>
Information about the location of your device. Such data will be collected by various technologies, which include, for example, the GPS function of the device, utilizing data registered at cell tower, Wi-Fi hotspots or when using other short-range wireless communication technologies.
<Medical and Health Data>
Information related to your medical treatment and health that is collected when you use related service(s). For example, information on medical examinations and other tests conducted by physicians, information on health guidance, medical treatment and dispensing of medicines by physicians,and information on customers' height, weight, activity level.
We have set out below, in a table format, purposes of processing the Personal Data as well as the legal bases we rely on for the processing. We have also identified what our legitimate interests are where appropriate. Please note, with respect to EU and UK Citizen, we do not knowingly collect Personal Data relating to children under the age of 13 and only collect and process Personal Data relating to children under the age of 16 if and to the extent that consent is given or authorized by the holder of parental responsibility over the child.
In addition, if we process any special categories of Personal Data about you as prescribed in Article 9 of GDPR including some information categorized under the Medical and Health Data, we will only do so based on your explicit consent.
Purpose | Type of Personal Data | Lawful basis for processing |
---|---|---|
For rendering Services and for communications/notifications to customer that are necessary for the performance of the contract with customer. |
|
(i) ~ (iii)
|
For proposals and offers of Services and for relevant communications/notifications.
|
|
(i) and (ii) Legitimate Interest: (To conduct marketing activities including various campaigns/promotion (but excluding direct marketing that we conduct based on explicit consent ) / To make suggestions and recommendations that may be of interest to you throw which we aim to grow our business) (iii), (iv) and in the case of conducting direct marketing by processing (i) or (ii): Consent |
For maintenance of Services and countermeasures against improper activities that are necessary for reliable and stable provision of Services. |
|
(i) ~ (iii)
|
For planning, developing and improving Services and various investigations and analyses relating to them. |
|
(i) and (ii): Legitimate Interest (To keep records updated/To analyse how customers use Services/ To improve quality of Services/ To analyse how customers use Services) (iii) and (iv) Consent |
(2) Disclosures of your Personal Data
We may share your personal data with third parties, including our subsidiaries and business partners, with your explicit consent and/or in the case otherwise permitted by Laws. We require all third parties to respect the security of your Personal Data and to treat it in accordance with the Laws. Without your explicit consent, we do not allow our third-party service providers (i.e. subcontractors of our services) to process or otherwise use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions
(3) International data transfer
DOCOMO is established and headquartered in Tokyo, Japan, and most of the business partners to whom we may disclose the Personal Data, as controllers and/or as processors, are also based in Japan or elsewhere outside the European Economic Area ("EEA") or the United Kingdom ("UK").
The Personal Data will therefore be collected, transferred, stored and processed outside the EEA or the UK. Japan has been recognised by the European Commission and the UK as being a country which offers adequacy protection for the purposes of GDPR and UK-GDPR. Accordingly, it is lawful for the Personal Data to be collected, transferred, stored and processed by DOCOMO in Japan provided that DOCOMO complies with its obligations as a controller under GDPR and UK-GDPR and as a Personal Information Handling Business Operator under the amended Act on the Protection of Personal Information.
(4) How we keep the Personal Data secure
We have put in place appropriate robust security measures to prevent the Personal Data from being accidentally lost, used or accessed in an unauthorised way, damaged or destroyed, altered or disclosed. We have adopted these measures to ensure the ongoing confidentiality, integrity, availability and resilience of systems and services which process the Personal Data and to ensure that we can restore availability and access to the Personal Data in a timely manner in the event of a physical or technical incident. These measures are regularly tested, assessed and, where appropriate, updated to ensure they remain effective, and they will typically include:
- Technical security measures:
- multiple location, physically secure data centres designed to prevent single points of failure;
- secure system firewalls and authentication controls;
- back-ups and data recovery systems;
- secure encryption technologies; and
- state-of-the-art antivirus and intrusion protection.
- Organisational security measures:
- data system access controls, password controls and privilege management;
- data centre physical access controls;
- security and compliance training for personnel:
- robust data security breach reporting procedures;
- robust DRBC (disaster recovery and business continuity) procedures;
- contractual confidentiality obligations for personnel; and
- background checks for personnel (where appropriate and permitted / required by law).
We have put in place reporting procedures to deal with any suspected data breach and will notify you and any applicable supervisory authority of a breach when we are legally required to do so.
Whenever we engage third party service providers to store and process the Personal Data, we always ensure that those providers also implement appropriate technical and organisational security measures to keep the Personal Data safe and require those providers to adhere to strict contractual requirements for this purpose, as required by GDPR and UK-GDPR.
(5) How long we retain the Personal Data
We will only retain the Personal Data for as long as is necessary for the specific purposes it was collected for or, where relevant, for related compatible purposes such as complying with applicable legal, accounting, or record-keeping requirements.
For example, we often have to retain basic information about our customers for a mandatory period of time after they cease being customers in order to comply with our tax law obligations.
Where there is no specific legal period for retaining the Personal Data then we will determine the appropriate retention period by considering the amount, nature, and sensitivity of the personal data, the potential risk of harm from its unauthorised use or disclosure, the purposes for which we process the Personal Data and whether we can achieve those purposes through other means, and the applicable legal requirements.
In some circumstances you can ask us to delete the Personal Data: see Section 6 below for further information.
We may also anonymise the Personal Data (so that you are no longer identifiable from it) for research or statistical purposes. If so then we may use this information indefinitely without further notice to you.
(6) Your personal data rights
You have certain rights for the Personal Data under GDPR or UK-GDPR, some of which only apply in certain circumstances. These rights are:
- Right to access your Personal Data: This gives you the right to receive a copy of the Personal Data we hold about you subject to certain exemptions.
- Right to request correction of your Personal Data: This gives you the right to have any incomplete or inaccurate Personal Data we hold about you corrected.
- Right to request erasure of your Personal Data: This allows you to request us to delete or remove Personal Data. You also have the right to request us to delete or remove your Personal Data where you have exercised your right to object to processing (see below). In certain circumstances this right may not apply, such as where we have a good, lawful reason to continue using the information in question, and if so we shall inform you of such reasons at the relevant time.
- Right to object to processing of your Personal Data: You can object to us processing your Personal Data for legitimate interests purposes or for direct marketing. We must then stop processing your personal data unless we have a strong reason to continue which overrides your objection. If your objection is to direct marketing, we must always stop.
- Right to restrict how your Personal Data is used: You can limit how we use your Personal Data in certain circumstances. Where this applies, any processing of your Personal Data (other than storing it) will only be lawful with your consent or where required for legal claims, protecting certain rights or important public interest reasons.
- Right to have a portable copy or to transfer your Personal Data: You can request us to provide you, or (where technically feasible) a third party, with a copy of your Personal Data in a structured, commonly used, machine-readable format. Note this only applies to Personal Data which we obtain from you and, using automated means, process on the basis of your consent or in order to perform a contract.
- Right to withdraw consent: If we are relying on consent to process your personal data then you have the right to withdraw that consent at any time.
If you want to exercise any of the rights described above then please contact us as explained in Section 7 below. We try to respond to the requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. Please also bear in mind that there are exceptions to the rights above and some situations where they do not apply.
We may need to request additional information from you to help us confirm your identity. This is a security measure to ensure that your Personal Data is not disclosed to any person who has no right to receive it. We may also contact you to ask you to clarify your request.
You will not normally have to pay a fee to access your Personal Data (or to exercise any of your other rights). However, we may charge a reasonable fee if your request is manifestly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.
(7) Contact
NTT DOCOMO, INC. is the controller and is responsible for your Personal Data.
We have appointed a Data Protection Representative in the European Union and the UK to support you with any data protection or privacy related queries which you may have. If you have any questions about this Exhibit, or if you wish to exercise your legal rights (as explained in Section 6 above) please contact us or our EU Data Protection Representative or UK Data Protection Representative using the following details:
- Company name: NTT DOCOMO, INC.
Email address: data-protection-ml@nttdocomo.com
Postal address: Sanno Park Tower
11-1, Nagata-cho 2-chome,
Chiyoda-ku, Tokyo 100-6150 Japan
Telephone number: +81 3 5156 1111 - EU Data Protection Representative: PLANIT//LEGAL Rechtsanwaltsgesellschaft mbH
Email address: docomo-gdpr-planit@planit.legal
Postal address: Jungfernstieg 1, 20095 Hamburg, Germany - UK Data Protection Representative: TMI Associates London LLP
Email address: docomo-ukgdpr-tmi@tmi.gr.jp
Postal address: CityPoint, One Ropemaker Street, London EC2Y 9SS, United Kingdom