1.0 About us and our privacy notice
This notice explains how we, KDDI Canada, Inc.(“We”, “us”, “Our”), use information about you (your ‘personal data’) when you use our services, contact us or access our website or social media sites. This means information such as your name, address or email address. More details are included below about the types of personal data about you that we hold and process.
We are the ’data controller’ which means that we are the main decision-maker responsible for how and why your personal data is used. It is our responsibility to comply with applicable data protection when we are processing your personal data.
We sometimes use personal data on behalf of other organisations as their ‘data processor’, meaning that we can only use the personal data in the ways instructed by the other organisation. This is usually to provide those other organisations with our services. Where this happens, that other organisation will explain how they use your personal data.
You can get in touch by using the details at Section 10 ‘Contact Us’ if you have any questions about this notice.
2.0 The personal data we collect about you
The table below explains what personal data we use and how we collect it.
| What personal data? | How do we collect it? |
|---|---|
| Your identity and contact information including your: • name • business address and potentially other locations (e.g. different offices) • LinkedIn page address • email address • phone numbers If you work for one of our business customers, we will collect: • your organisation’s name • your position in the business, and • the organisation’s address, email address and phone numbers. If you work for an organisation that supplies services to or works with us, we will also collect: • your organisation’s name • your position in the organisation, • and the organisation’s address, email address and phone numbers. We also collect details of any electronic device you use to access our services, such as its IP address and operating system. We may also collect your fingerprints for access purposes. We have included further information about this below. | You might provide this information when you: • contact us directly • use our websites or apps • fill in one of our forms e.g., contact us on our website • apply online for a service from us • use or receive our services • work with us on projects such as marketing campaigns • supply services to or work with us. |
| Financial details including: • the cost of the products and services you have bought; • records of your payments; and • your payment information, such as credit card or debit card payment details. | You provide this information to us when you buy our services or later when we seek payment for our services. We may also receive some of this information from other organisations such as credit-reference agencies where we use them to do credit checks or to help us confirm your identity. |
| Audio and video recordings including: • images recorded on CCTV and other equipment. | We may record images of you if you visit a location where we use CCTV. We use CCTV to protect our customers, employees and property. |
| Biometrics, specifically fingerprints. | We use these for access control and we will request this as part of our access requirements for our building. We use biometrics to protect the public, to help prevent, deter and disrupt criminal activity, for safety reasons, for our customers to protect them and their equipment, to protect our employees and to safeguard the continuity of our services. |
| Your vehicle license plate for Automatic Number Plate Recognition (ANPR) systems. | We may collect your number plate when you are accessing one of our sites as part of our access control to help prevent, deter and disrupt criminal activity. |
| Information about your marketing preferences. | We collect this information when you contact us (for example, when you apply for one of our services or register with one of our websites). You can update your marketing preferences at any time via our website or by emailing us at We have included further information on our marketing activities under Section 4 ’Marketing’. |
3.0 Why we use your personal data and our legal basis
The table below explains how and why we use your personal data. We use your personal data based on your consent to the extent required by applicable privacy laws and in accordance with applicable privacy laws.
| When? | Purpose (Why?) |
|---|---|
| When setting you up as a customer | Enables smooth delivery of services and enables you to assess whether the services are what you need and how they interact with your IT systems. |
| When providing our services to you | To provide our services with you and manage our contract with you, including: • arranging payment; and • managing any service issues that arise. |
| Dealing with enquiries or complaints | To manage our relationship with you which may include: • communicating with you; • managing any queries, complaints or service issues that may arise; • engaging with you to understand your service feedback; • discussing our range of services with you; • assisting you in demonstrating how the functionality of our services can further assist you; and • notifying you about changes to our terms or this notice. |
| Marketing our services to customers and potential customers | To deliver relevant marketing to you where we are allowed to do so and to measure or understand the effectiveness of the marketing we serve to you. We have included further information on our marketing activities under Section 4 ’Marketing’. |
| Website analytics, feedback you provide and market research and analysis | To improve your experience of our services and websites including: • understanding how different people use and interact our website and services. • improving our service offering to you ensuring our website and service offering remains safe from cyber incidents • conducting analysis required to detect malicious data and understanding how this may affect your IT system; • statistical monitoring and analysis of current attacks on devices and systems; and • adapting the solutions provided to secure devices and systems against current attacks. |
| Maintaining security, preventing fraud and money laundering, and taking action against fraudsters and other criminals | This includes: • identifying and stopping illegal scam / phishing mails; • monitoring the use of our copyrighted material; • using credit checks; • using personal data to support or defend legal action, including as evidence in court cases; and • monitoring communications between our workforce and other third parties to protect the security of personal data and confidential information. |
| CCTV and biometrics when you access our premises | • To protect our customers, employees and property; • to keep our operations safe, protect continuity of service for our customers and protect the rights and property of our workforce and customers and any other people on our sites; • in investigations and legal action relating to any possible crime detected, including as evidence in legal disputes and court proceedings; • for in-depth threat analysis;to obtain further knowledge of current threats to network security in order to update our security solutions and provide these to the market; and • to help us keep our workforce safe (health and safety/fire risks). |
4.0 Marketing
We may use your personal data to help us understand what services we think might help you or be of interest to you or your organisation.
If you have opted-in to marketing (e.g., a newsletter on our website), requested information from us or bought services from us and we are allowed to do so, we may send information to you about those or other services and offers.
You can ask us to stop sending this information at any time by clicking “unsubscribe” on any email marketing sent to you or by contacting us using the details at Section 10 ‘Contact Us’.
We will ask for your express opt-in consent before sharing your personal data with other companies for them to market their products or services to you.
5.0 Who do we share your personal information with?
We may share your personal data with the following groups of organisations for the purposes set out at Section 3 ‘Why we use your personal data’.
Our Group Companies
- with other companies in our group, for the purposes of security operations and financial management.
Business partners
- with our business partners (e.g. the organisation which sold you our service).
Vendors
- with companies providing services to us who will process your personal data on our behalf and under our written instructions such as IT service providers (e.g. Microsoft), financial institutions, customer relationship management vendors (e.g. Salesforce) and other cloud-based solutions providers that are used by us in the conducting of our business.
Our professional advisors
- for example our accountants, lawyers, auditors etc.
Information required by law or regulation
- to the extent required by law, for example if we are under a duty to disclose your personal data in order to comply with any legal obligation such as law enforcement bodies, governmental and regulatory bodies, the courts and other competent authorities that may request personal data in connection with any inquiry, court order, or other legal or regulatory procedures which we would need to comply with.
To protect us or others
- to establish or protect our legal rights, property or safety, or the rights, property or safety of others, or to defend against legal claims.
In connection with business transfers
- in connection with a reorganisation, restructuring, merger, acquisition, or transfer of our business or assets, as long as the receiving party agrees to treat your personal data in accordance with data protection laws.
6.0 Transferring your personal data internationally
We have group companies around the world and are part of a global business called KDDI. Our suppliers, customers and our operations are spread around the world. As a result we collect and transfer personal data on a global basis. We will transfer the personal data we collect about you to countries outside Canada (such as the USA), and it may be accessible to foreign law enforcement and national security authorities..
In these circumstances, we will ensure that your personal data is protected and transferred in a manner consistent with legal requirements.
7.0 How we protect your personal data
We take the security of your personal data very seriously. We use appropriate strategies, controls, policies and measures to keep your data safe and keep these measures under close review. Customer’s files are protected with safeguards according to the sensitivity of the relevant information. Appropriate controls (such as restricted access) are placed on our computer systems. This means that your data is protected and only accessible by members of our team who need it to carry out their job responsibilities. We also ensure that there are strict physical controls in our buildings which restricts access to your personal data to keep it safe.
8.0 How long we keep your personal data
In general terms, we will only keep your personal data for as long as is needed for the purposes described in this notice. This means that the period it is kept (its ‘retention period’) will vary according to the type of the personal data and the reason that we have it in the first place.
We have procedures in place regarding our retention periods which we keep under review taking into account our reasons for processing your personal data and the lawful basis for doing so.
9.0 Your rights
You have a number of rights relating to your personal data and what happens to it. You are entitled to:
- be informed about how your personal data is being used, an example being this privacy notice;
- access personal data we hold about you;
- require us to correct any mistakes in your personal data; and
- make a complaint about KDDI’s privacy policies and practices.
You can exercise your rights by contacting us using the details under Section 10 ‘Contact Us’.
10.0 Contact us
Our privacy officer is responsible for KDDI’s privacy policies and practices, and receives complaints and inquires on behalf of KDDI.
If you have any questions or concerns about our use of your personal data, or about this notice, or if you wish to seek access to your personal information please contact our privacy officer at:
Address: FAO: 151 Front Street West, Suite 501, Toronto, M5J 2N1, Ontario Canada
Email Address: [email protected]
11.0 Changes to this notice
We may update this notice from time to time. If we make significant changes, we will let you know but please regularly check this notice to make sure you are aware of the most updated version.