Data Protection and Privacy Policy


KDDI Vietnam Corporation (the “Company”) acknowledges the importance of safeguarding and protecting personal data (the “Personal Data”) of individuals from any such misuse. This Data Protection and Privacy Policy (the “Policy”) sets out the Company rules and guidelines relating to the collection, disclosure, processing, use and safeguarding Personal Data of individuals by the Company.

If an individual, at any time, has any questions or feedback relating to the Company’s Policy or the Company’s collection, use, processing and protection of their Personal Data, please do not hesitate to contact at [].

1. Types of Personal Data Collected

1.1 Personal Data which the Company collects include, but is not limited to:
  (a) individual’s name, IC number, passport or other identification number when it is required under law or when it is necessary to accurately establish or verify the identities of the individuals to high degree of fidelity;
  (b) individual’s telephone number, mailing address, email address and any other information relating to an individual which was provided in any forms submitted to the Company in any mode of communication;
  (c) information relating to job applicants and employees, including their employment history, education background, and income levels; and
  (d) individual’s financial information, such as bank account or credit card information for payment transactions and credit history.

2. Collection of Personal Data

2.1 The Company collects Personal Data in several ways, including but not limited to the following manners:
  (a) When an individual contacts the Company for enquiries, via any mode of communication;
  (b) When an individual requests the Company to respond in writing or to return a telephone call;
  (c) When an individual submits the Company for application of services in writing or a telephone call; and
  (d) When an individual submits Personal Data to the Company for employment purposes.

3. Purposes for Collection, Use and Disclosure of Personal Data

3.1 The Personal Data which the Company collects from individuals may be collected, used and/or disclosed for the following purposes:
  (a) carrying out due diligence or other screening in accordance with any legal or regulatory obligations or the Company’s risk management procedures that may be required by law or that may have been put in place by the Company;
  (b) conducting research, analysis and development activities (including but not limited to data analytics, surveys and/or profiling) to improve the company’s products, services and facilities in order to enhance the business for the Company’s Business Partners’ benefits;
  (c) storing, hosting, backing up (whether for disaster recovery or otherwise) of individual’s Personal Data, whether within or outside Vietnam;
  (d) providing services, such as system integration, maintenance support, and its supportive operation including invoicing,etc.; and
  (e) if it becomes necessary by a Court Order to cooperate with the government organization, complying with or as required by any applicable law, request or direction of any government agency and/or regulatory authority, or public agencies, ministries, statutory boards or other similar authorities. For the avoidance of doubt, this means that the Company may/will disclose Personal Data to the aforementioned parties upon their request or direction.
(collectively, the “Purposes”)

4. Specific Issues for the Disclosure of Personal Data to Third Parties

4.1 The Company respects the confidentiality of the Personal Data that individuals have provided.
4.2 In that regard, the Company will not disclose any of individuals’ Personal Data to any third parties without first obtaining their express consent permitting it to do so. However, please note that the Company may disclose individuals’ Personal Data to third parties without first obtaining their consent in certain situations, including, without limitation, the following:
  (a) cases in which the disclosure is required based on the applicable laws and/or regulations;
  (b) cases in which the purpose of such disclosure is clearly in the individuals’ interests, and if consent cannot be obtained in a timely way;
  (c) cases in which the Personal Data is critically required for the protection of a person's life, body, or property, and the consent from the Business Partners cannot be obtained in time;
  (d) cases in which there are reasonable grounds to believe that the health or safety of an individual will be seriously affected and consent for the disclosure of the data cannot be obtained in a timely way, provided that the Company shall, as soon as may be practicable, notify the individual of the disclosure and the purposes of the disclosure;
  (e) cases in which the disclosure is necessary for any investigation or proceedings;
  (f) cases in which the personal data is disclosed to any officer of a prescribed law enforcement agency, upon production of written authorisation signed by the head or director of that law enforcement agency or a person of a similar rank, certifying that the personal data is necessary for the purposes of the functions or duties of the officer; and/or
  (g) cases in which the disclosure is to a public agency and such disclosure is necessary in the public interest.
4.3 The instances listed above are not intended to be exhaustive.
4.4 In all other instances of disclosure of Personal Data to third parties with individuals’ express consent, the Company will endeavour to provide adequate supervision over the handling and administration of their Personal Data by such third parties, as well as to provide for adequate forms of protection over such Personal Data.

5. Disclosure of Personal Data

5.1 Subject to the provisions of any applicable law, Personal Data of an individual may be disclosed by the Company to third parties, but not limited to the following, whether they are located overseas or in Indonesia for one or more of the above stated Purposes:
  (a) KDDI group companies;
  (b) agents, contractors, or third-party service providers;
  (c) business partners;
  (d) banks, financial institutions;
  (e) professional advisers such as consultants, auditors, and lawyers; or
  (f) government or public agencies.

6. Request for Access and/or Correction of Personal Data

6.1 An individual may apply to access a copy of his/her Personal Data retained by the Company, or request for such Personal Data to be updated or corrected, by sending a written request to the Company via email. Please be informed that the Company may charge an administrative and service fee to access and recover the Personal Data for the requested purpose and will inform such fee amount to the requester, accordingly.
6.2 The Company would usually respond to an access or correction request within a reasonable time.
7.1 An individual may withdraw his/her consent for the Company to collect, use, administer, process or disclose his/her Personal Data for any purpose by submitting his/her request to the Company via email. In some cases, withdrawing consent may hinder the Company’s ability to facilitate, process, administer, provide or maintain services to the requester.
7.2 The Company will process the individual’s request within a reasonable time from such a request for withdrawal of consent being made, and will thereafter refrain from collecting, using and/or disclosing their Personal Data in the manner stated in their request.
7.3 However, the Company may, if necessary, retain Personal Data and records in accordance with the government regulations although an individual may withdraw his/her consent.

8. Data Intermediaries

8.1 The Company may engage a data intermediary to process individuals’ Personal Data on behalf of the Company.
8.2 The Company undertakes an appropriate level of due diligence to assure that the data intermediary engaged by the Company to process Personal Data.

9. Management and Security of Personal Data

9.1 The Company will take reasonable measures to protect Personal Data from any unauthorised access or modification, improper collection, use or disclosure, unlawful destruction or accidental loss.
9.2 However, be aware that no method of transmission over the internet or electronic storage is completely secure. While security cannot be guaranteed, the Company will strive to protect the security of the Personal Data and will constantly review and enhance its information security measures.

10. Updates on Policy

10.1 As part of the Company’s efforts to ensure that it properly manages, protects and processes individuals’ Personal Data, the Company will be reviewing its policies, procedures and processes from time to time.
10.2 The Company reserves the right to amend the terms of this Policy at its absolute discretion.
10.3 Individuals are encouraged to visit this Data Protection and Privacy Policy from time to time to ensure that they are well informed of the Company’s latest policies in relation to Personal Data protection.

Last Updated on [December 15, 2020]