Of note, the respective definitions of "personal information," "personal data" and "retained personal data" in this Policy shall be the same as those prescribed in the Act on the Protection of Personal Information. Unless otherwise noted in each paragraph, this Policy is applicable to all personal information we collect from you and all personal information we manage when you use various "Rakuten Mobile" services.
We shall handle your personal information that we collect when you use various "Rakuten Mobile" services in compliance with the Act on the Protection of Personal Information, the Guidelines on the Act on the Protection of Personal Information, the Telecommunications Business Act, the Guideline on Protection of Personal Information in Telecommunications Business and other related regulations, as well as this Policy.
We will, to the extent necessary for business, collect personal information by a proper method in light of the common sense of the general public by means of writing (e.g., application forms), websites, orally, etc., while exercising caution to ensure that there is no illegality in light of laws and regulations, etc.
In cases where we collect personal information, we will specify the purpose of use and notify or publish such purpose to you. Personal information will not be handled beyond the extent necessary for fulfilling the specified purpose of use. In cases where we use and provide personal information and publish matters concerning retained personal data, etc., we will do so in an appropriate manner in consideration of the business scale, nature of services, etc. of Rakuten Mobile.
In cases where we use anonymously processed information (meaning information derived by processing personal information in such a manner that makes it impossible to not only identify a specific individual but also restore such personal information) in order to protect your privacy, we will handle such information in an appropriate manner in accordance with laws and regulations by putting in place the procedures for processing and handling such information.
The storage period of personal information retained by us shall not be longer than necessary for fulfilling the purpose of use of personal information. Personal information whose storage period has elapsed will be deleted without delay by an appropriate method.
Of note, even after the termination of various contracts you have with us, we may store and use your personal information for the purpose of fulfilling legal/regulatory obligations, collecting fees, resolving conflicts, solving problems and/or exercising rights, and with the objective of conducting various surveys necessary for such purpose.
Comprised of Rakuten, Inc. (hereinafter "Rakuten") and its subsidiaries and affiliates, the Rakuten Group (click here for the principal scope of Rakuten Group) provides many different kinds of services. We may provide information to other Rakuten Group companies to enable you to use such Rakuten Group services in a convenient and comfortable manner. The type of information to be provided to other Rakuten Group companies, the purpose of providing such information and other matters will be prescribed in the policy for handling personal information on a business-by-business basis.
To the extent necessary for fulfilling the purpose of use, we may outsource the handling of your personal information to a third party. In cases where the handling of such personal information is to be outsourced, we will establish the criteria for selecting outsourcees and conduct necessary and appropriate supervision with respect to outsourcees such as checking their information management system in advance. As for personal information provided (entrusted) to us by an outsourcer in association with operations contracted out to us, we will use such personal information to the extent necessary for fulfilling the contract with the outsourcer.
Because of the global nature of our business, the information that Rakuten Mobile collects from you may be transferred to countries whose data protection laws are not as comprehensive as those from where you are based. When Rakuten Mobile transfers personal information overseas, Rakuten Mobile has put in place appropriate safeguards (such as contractual commitments) in accordance with applicable legal requirements to ensure that your data is adequately protected. For more information on the appropriate safeguards in place, please contact Rakuten Mobile at the details in accordance with Section 7(“Responding to Customer Inquiries, etc.”). For global data processing within Rakuten Mobile, we put in place adequate measures including Binding Corporate Rules we implemented, a recognized European data protection standard. Binding Corporate Rules (the “BCRs”) provide for an appropriate level of protection. Rakuten Mobile’s rules have been approved by the relevant European Union Authorities and these are also a strong commitment to protect your privacy around the world. Rakuten's BCRs are available here: https://corp.rakuten.co.jp/privacy/en/bcr.html
If we have received from you an inquiry about personal information retained by us or a request for the notification of the purpose of use of retained personal data or the disclosure, correction, etc. (i.e., correction, addition or deletion), cease of use, etc. (i.e., cease of use or deletion) or cease of third-party provision of retained personal data, we will respond to you in an appropriate manner within a reasonable period in accordance with laws and regulations after verifying your identity. The inquiry counter is as follows.
Rakuten Mobile Communication Center
Operating hours: From 9:00 to 20:00 (open seven days a week, 365 days a year)
For the detailed procedures for requesting the notification of the purpose of use of retained personal data or the disclosure, correction, etc. (i.e., correction, addition or deletion), cease of use, etc. (i.e., cease of use or deletion) or cease of third-party provision of retained personal data, please refer to How to Request Disclosure, etc. of Retained Personal Data.
In order to prevent and rectify unauthorized access to personal information and destruction, damage, loss, falsification, leakage, etc. of personal information, we will take action such as controlling access to personal information, restricting personal information that can be taken out, and preventing unauthorized access from outside.
For details of our security control action, please refer to our Information Security Policy.
We will appoint a manager who is responsible for managing and storing your personal information and execute internal controls to ensure the manager can be dedicated to activities related to personal information management, such as proper compliance with laws, regulations and guidelines, etc., formulation of internal rules and regulations, development of an audit system and supervision of handling of personal information.
We will conduct in-house activities to raise awareness of our officers and all employees (staff members) to comply with laws, regulations and guidelines, etc. related to personal information, and make them not only understand the importance of protection of personal information but also endeavor to maintain the confidentiality of personal information. We will also conduct reviews and make improvements to our personal information management approach on an ongoing basis, including putting internal rules and regulations in place.
In order to thoroughly enforce compliance with internal rules and regulations established by us as well as relevant laws and regulations, etc., we will periodically audit and assess personal information management, and as necessary, conduct an external audit to obtain assessment more objectively. We will strive to manage personal information properly by dealing harshly with acts of violation, if any.
From time to time, in order to comply with changes in applicable laws/regulations or for legitimate business purposes, etc., we may revise this Policy, in which case such revisions will be displayed on this website. Please check back from time to time to ensure that you have read the most recent version of this Policy.
Revised: April 8, 2020