OUR COMMITMENT TO PROTECT YOUR PRIVACY
Our commitment in respect of personal information is to abide by the National Privacy Principles for the protection of personal information, as set out in the Privacy Act of Myanmar and any other relevant law.
1. COLLECTION OF PERSONAL INFORMATION
KDDI Myanmar collects personal information (such as names, addresses, telephone numbers, and e-mail addresses) of its customers to the extent necessary to provide its services. Personal Information collected on customers may be shared among the services. In addition, when KDDI Myanmar has collected or attempts to collect personal information from its customers, KDDI Myanmar discloses to its customers and announces to (or notifies) its customers the intended purpose for which it will use such information.
2. USAGE OF PERSONAL INFORMATION
KDDI Myanmar will not handle the personal information in its possession beyond the extent necessary for fulfilling its intended purpose of usage, except in the following cases:
- 1) In instances where the customer has granted their permission
- 2) In the instance that KDDI Myanmar to deliver important notice, announcement or publications to the subscribers.
- 3) In instances where KDDI Myanmar is required to do so by a legally-enforced order.
- 4) If such information is required for the protection of a person’s life, body, or property, and the permission of the customer cannot be readily obtained.
- 5) If such information is required especially for the improvement of public health or the promotion of sound nurturing of children, and the permission of the customer cannot be readily obtained.
- 6) If it becomes necessary by legal ordinance to cooperate with a government agency, public authorities, or parties authorized by them, and there is concern that seeking permission of the customer may hinder the execution of the relevant duties
3. MANAGEMENT OF PERSONAL INFORMATION
KDDI Myanmar takes measures to manage access to personal information, limit the steps of its handling, and prevent unauthorized outside access, as well as measures to prevent leakage, loss or damage (hereinafter referred to as “Leakage, etc.”) and other necessary and appropriate measures (hereinafter referred to as “Safety Management Measures”) in order to safely manage personal information. In taking these Safety Management Measures, KDDI Myanmar applies standards including Safety and Reliability Standards of Information Communications Networks. Safety Management Measures are classified into two major categories, Technological Protection Measures and Organizational Protection Measures, and each category is implemented appropriately.
(1) Technological Protection Measures
- 1) ) Management of access to personal information (limiting employees with authority to access information (including measures such as immediate deactivation of accounts of employees who have transferred or left the company), surveillance of access status (such as long-term storage of access logs), regular changing of passwords, room entry/exit supervision, etc.)
- 2) Limits to steps in handling of personal information (prohibition of storage to external storage devices without permission, setting internal guidelines to monitor internal/external E-mail correspondence, etc.)
- 3) Measures to prevent unauthorized outside access (establishing firewalls, etc.)
(2) Organizational Protection Measures
- 1) ) Clearly regulating the responsibility and authority of employees and subcontracted parties engaged in safety management
- 2) Establishing internal codes of behavior and manuals regarding safety management, and instructing employees to comply with such codes and manuals, as well as supervising compliance with such codes and manuals where appropriate
- 3) Appropriate supervision of employees and subcontracted parties involved with safety management through measures such as confidentiality agreements with employees and subcontracted parties
- 4) Necessary training for employees involved with safety management