Privacy Policy

IDC Frontier Inc. (Address: Hibiya Park Front 20F, 2-1-6 Uchisaiwaicho, Chiyoda-ku, Tokyo; Representative: Katsuhisa Suzuki, President & CEO; hereinafter referred to as "IDC Frontier") is a telecommunications company which has filed notification as a telecommunications carrier under the Telecommunications Business Act. In its handling of personal data, IDC Frontier is responsible for complying with the provisions defining confidentiality of communication as stipulated in the Telecommunications Business Act (Act No. 86 of 1984), the Act on the Protection of Personal Information (Act No. 57 of 2003), a variation on the guidelines of the Act on the Protection of Personal Information, provisions for the protection of personal information stipulated in the Guidelines on Personal Information in Telecommunication Business (Ministry of Internal Affairs and Communications Notification No. 152 of April 18, 2017), and other related laws and guidelines.

This Privacy Policy clearly states the policy for handling customer's personal data that IDC Frontier introduces. All the provisions in this Privacy Policy will apply to all the work performed by IDC Frontier. Our customers may determine whether to provide their personal data to us after reviewing this Privacy Policy. It is subject to change, in which case the customers will be notified of the change through our website.

This Privacy Policy contains the following particulars concerning the handling of the personal data:

• Definition of personal data
• Purpose of use of personal data
• Shared use
• Means of collecting personal data and procedures
• Third party provision
• Sales promotion activities targeted at customers
• Use of cookies
• Protection of personal data
• Customers' rights to personal data maintained by IDC Frontier
• Safety management measures
• Policy on the protection of personal data subject to GDPR
• Contact for personal data
• Disclosure, etc. of personal data
• Enforcement of privacy policy
• Supplementary Provisions

1. Definition of personal data

"Personal data" refers to any information handled by IDC Frontier with which an individual customer can be directly or indirectly identified. It may include "personal information" and "special-care-required personal information".
"Personal information" refers to information relating to a living individual which falls under any of the following:

(i) That information which contains a name, date of birth, or other descriptions (meaning any and all matters stated or recorded in a document, drawing or electromagnetic record (meaning a record kept in an electromagnetic form (electronic, magnetic or other forms that cannot be recognized through human senses)) or otherwise expressed using voice, movement or other methods (excluding individual identification codes); the same shall apply hereinafter) whereby a specific individual can be identified (including that information which can be readily collated with other information to identify a specific individual); or

(ii) That information which contains an individual identification code.

"Individual identification codes" refer to any letters, numbers, symbols, or other codes which fall under any of the following and are prescribed by the Order for Enforcement of the Act on the Protection of Personal Information:

(i) Letters, numbers, symbols, or other codes into which the identifying features of a body part of a specific individual are converted for use by a computer, with which that specific individual can be identified, or

(ii) Letters, numbers, symbols, or other codes which are assigned to the use of services provided to individuals or to the purchase of goods sold to individuals, or which are stated or electromagnetically recorded on cards or other documents issued to individuals so as to be able to identify a specific user or purchaser, or recipient of issuance by assigning to, or stating or recording for, each user, purchaser or recipient, a unique set of letters, numbers, symbols or other codes.

"Special-care-required personal information" refers to that personal information containing a customer's race, creed, social status, medical history, criminal record, whether he/she has suffered damage by a crime, or other descriptions, etc. designated by cabinet orders such that the handling of which requires special care so as not to cause unfair discrimination, prejudice or other disadvantages to the customer.

The personal data to be collected by IDC Frontier includes, but is not limited to, customers' names, addresses, telephone numbers, e-mail addresses, fax numbers, dates of birth, identification numbers, videos, images, and biometric data.

2. Purpose of use of personal data

IDC Frontier will use, share with, and provide to, third parties the personal information to the extent necessary to achieve the purpose of use set forth below in providing customers with datacenter services, cloud services, hosting services and telecommunications services (including sales, provision and rental of related services and products; hereinafter collectively referred to as the "services, etc."). IDC Frontier shall not acquire personal data through fraudulent or other unlawful means.

In this context, customers include those using the services, etc. as well as those who are considering using them, have made reservations for them, and have cancelled them.

In addition, the services, etc. include campaigns, events, seminars, questionnaires, etc.

(1) Procedures and customer support

IDC Frontier will use the personal data of its customers to follow procedures and deliver customer support, etc., in ways such as follows:

• Follow procedures for processing applications for its services, etc. or services, etc. handled by it or to respond to inquiries about its services, etc. or services, etc. handled by it;
• Check if the conditions for the application are fulfilled;
• Follow procedures for processing applications (use of, change regarding, cancellation of, and other handling of, the services, etc.);
• Offer guidance when contacted about the services, etc. that the customer uses, and;
• Respond to opinions, requests, and inquiries from its customers.

(2) Service Provision

IDC Frontier will use the personal data of its customers to provide services and achieve similar objectives, in ways such as follows:

• Provide the services, etc. based on the applications as well as ancillary services, etc.;
• Perform routines necessary to provide the services, etc. based on the applications as well as ancillary services, etc.;
• Manage transactions carried out based on the applications;
• Perform construction work for, and maintenance of, its services, etc. or services, etc. handled by it;
• Prevent the occurrence of damage and accidents to, and malfunctioning of, its services, etc. and facilities or services, etc. and facilities handled by it and detect and respond to such an occurrence;
• Calculate the usage fees and the expenses necessary for the provision of the services, etc. and charge said fees and expenses (including those we are commissioned to collect and those transferred to us);
• Hold lotteries for campaigns and send prizes;
• Transfer money for the purpose of points return, etc.;
• Check the customer's subscription to its services, etc. or services, etc. handled by it;
• Check whether the customer is entitled to the privilege offered by it;
• Perform verification and authentication of the customer; and
• Prevent unlawful transactions and unauthorized uses, and respond to, and inform the customer of, such an unlawful transaction or unauthorized use when it has occurred.

(3) Improvement of service quality and development

IDC Frontier will utilize the personal data of its customers to improve the services, etc., develop new services, etc. and achieve similar objectives, in ways such as follows:

• Perform tasks and undertake research and analysis activities to improve the convenience and quality of its services, etc.;
• Perform tasks and undertake research and analysis activities to arrange and develop new services, etc. and the services, etc. suitable for its customers;
• Undertake research and marketing analysis activities to determine whether its customers are satisfied with its services, etc.; and
• Analyze the information, etc. regarding the use by its customers and customize the contents of the services, etc. in use.

(4) Announcements

IDC Frontier will use the personal data of its customers to make announcements about the services, etc., distribute recommended content and achieve similar objectives, in ways such as follows:

• Make announcements about its services, etc., affiliated services, etc. and services, etc. offered by other companies (by e-mail, DM, phone, Internet, or ad distribution/display);
• Provide information recommended to its customers (by e-mail, DM, phone, Internet, or ad distribution/display);
• Analyze information, etc. regarding the use by its customers and provide information about its services, etc., affiliated services, etc. and services, etc. offered by other companies which are recommended to them (by e-mail, DM, phone, Internet, or ad distribution/display); and
• Analyze information, etc. regarding the use by its customers and provide information recommended to them (by e-mail, DM, phone, Internet, or ad distribution/display).

To achieve the abovementioned purposes of use, IDC Frontier may provide the personal data of its customers to Softbank Corp., Yahoo Japan Corp., and other companies which it commissions to perform work. In addition, IDC Frontier will provide the personal data to partner business operators such as Nippon Telegraph and Telephone East Corporation (NTT East Japan) and Nippon Telegraph and Telephone West Corporation (NTT West Japan), for the purpose of undertaking the activities required to establish interconnection with them to provide telecommunications services, and to perform related activities. Furthermore, if a customer has concluded a contract with another telecommunications carrier while he/she is under a communication service contract with IDC Frontier, it may provide his/her personal data related to the contracted service to said telecommunications carrier under its contract terms and conditions.

3. Shared use

IDC Frontier may use personal information in a shared manner, as follows, for the purpose of the sales, provision, etc. of cloud services:

(1) Parties sharing information with IDC Frontier

IDC Frontier's group companies

(2) Personal information used in a shared manner

Names, entity names, telephone numbers, addresses, e-mail addresses, user numbers, billing addresses, age, gender, selected rate types, discounts, payment status, etc., and all other personal information obtained by IDC Frontier with respect to its customers at the time of the application and service provision, and all the personal information necessary for the activities listed in the "Purpose of shared use"

(3) Purpose of shared use

To provide customer support, including, but not limited to, responses to inquiries from customers, provision of guidance on, and information about, the use of products or services provided by the shared users

(a) Computation of charges
(b) Billing
(c) Marketing research and analysis
(d) Recommendation, etc. of IDC Frontier's or other company's products, services, and campaigns
(e) Notification of the provision of information contributing to the development of the industry providing the services, etc. and the improvement of customer service
(f) Registration, management, provision, construction and maintenance of the services, etc., and activities to deal with malfunctions including the repair of defects in facilities and software update
(g) Disclosure to discussion forums, etc.
(h) Determination of whether to provide products and services related to IDC Frontier and shared users, as well as their provision

(4) Manager of protection of personal information subject to the shared use

IDC Frontier Inc.
Katsuhisa Suzuki, President & CEO
Hibiya Park Front 20F, 2-1-6 Uchisaiwaicho, Chiyoda-ku, Tokyo

4. Means of collecting personal data and procedures

Personal data will be collected from customers through the use of application forms, direct communication with the customers (phone call, etc. *1), receipt of information through e-mail and the website, information provision by a third party which has obtained approval from the customer, or any other legitimate way. In addition, when a customer has concluded a contract with IDC Frontier while he/she is in a contract with another telecommunications carrier, IDC Frontier may acquire his/her personal data related to the service contracted with IDC Frontier from said telecommunications carrier under the contract terms and provisions of said telecommunications carrier.

The use of personal data by IDC Frontier will be limited to those cases where the data must be used for the purpose of billing, provision of customer service, network management and other transactions with the customer (i.e., those cases where IDC Frontier is requested by the customer to provide its product and/or service).

IDC Frontier will use the personal data of the customer in a fair and legitimate manner after considering whether the transaction with the customer will require the use of his/her personal data and whether the use of his/her personal data conforms to the purpose of use stated in this Privacy Policy or the purpose for which the customer provides his/her personal data to IDC Frontier. Except for those cases in which relevant laws and regulations stipulate otherwise, IDC Frontier will not sell or lend the personal data of a customer to a third party or use it as the subject of a transaction without obtaining his/her approval.

*1 Note that calls from customers made to the contact for inquiries may be recorded to accurately understand the content of the call and respond to it appropriately.

5. Third party provision

If IDC Frontier deems it necessary to disclose the personal data of its customers to its business partners (its distributors, vendors and resellers), associates and subcontractors (including those located overseas *1) for the following purposes, it may do so by sending documents or by electronic or magnetic means, etc. However, such disclosure will not be conducted unless done in full compliance with this Privacy Policy and no personal data will be disclosed to, or shared with, a third party without first obtaining express approval from the customer. This does not apply in the case that personal data needs to be disclosed to, or shared with, a third party for IDC Frontier to provide a service or product requested by the customer or that a law requires otherwise.

(1) To manage campaigns hosted by its sales agents and sales cooperative shops (hereinafter collectively referred to as "campaign hosts") and run the campaigns by granting and delivering privileges and undertaking other relevant activities, IDC Frontier may provide the personal information of the customers targeted by the campaigns (names, addresses, telephone numbers and other information with which the customers targeted by the campaigns can be identified) to the campaign hosts.

(2) To recommend or provide products, services or campaigns to the applicants or contracting persons, analyze or improve the products, services or campaigns, provide support for them, or implement other relevant activities, IDC Frontier may provide the personal information of the applicants or contracting persons (names, addresses, telephone numbers, etc.) to the business operators engaged in the recommendation, provision, analysis, improvement of, or support of, the relevant products, services and campaigns.
To ensure compliance, the personal information collected independently by the business operators engaged in the recommendation, provision, analysis, improvement of, or support of, the relevant products, services and campaigns will not be governed by the policy for handling personal information established by IDC Frontier.

(3) To provide a service co-arranged with another company, IDC Frontier may provide the personal information required for the registration for, and provision of, the co-arranged service (names, addresses, telephone numbers, e-mail addresses, dates of birth, gender, and other information, etc. necessary to identify the customer and undertake activities required for the co-arranged service) to said company.

IDC Frontier will not acquire special-care-required personal information without obtaining the prior approval of the customer unless:

• Laws and regulations require otherwise;
• It is required to protect the life, body, or property of an individual and it is difficult to obtain approval from the customer;
• It is required to improve public health or promote the sound growth of children and it is difficult to obtain approval from the customer;
• It is required to cooperate with a state organ, a local government, or an individual or business operator entrusted by either of the former two in handling the affairs prescribed by laws and regulations and the handling of said affairs may be prevented by obtaining approval from the customer;
• The relevant special-care-required personal information has already been disclosed by the customer, a state organ, a local government, any person stated in any Items of Article 76 (1) of the Act on the Protection of Personal Information, any other person prescribed by the Rules of the Personal Information Protection Commission; or
• Anything occurs which falls under a case treated by laws or ordinances as equivalent to any cases set forth in the preceding Items.

*1 Third parties located overseas
Name of the country to which the information is transferred: USA
Information about the program to protect personal information in place in the abovementioned country as confirmed by an appropriate and reasonable method: Research into programs, etc. to protect personal information in place overseas (Personal Information Protection Commission(JP))

6. Sales promotion activities targeted at customers

If IDC Frontier collects the personal data from its customer, he/she may be requested to select the means to receive promotional materials (mailing, e-mailing, phone calls, facsimile transmission, etc.) in the case that he/she agrees to receive promotional materials from it (and/or a third party). In this case, the promotional materials will be delivered by IDC Frontier using only the method selected by the customer. The customer is entitled to terminate the receipt of the promotional materials at any time if he/she disagrees to the way the personal data is used for the purpose of the provision thereof or to the way those materials are delivered. However, in the case that the customer has agreed to receive the promotional materials from a third party, he/she will be requested to directly contact said third party to terminate the receipt of the promotional materials.

7. Use of cookies

Cookies may be used by IDC Frontier's website. Cookies refer to information stored by the website on the hard drive of the computer used by the customer, and the use of cookies will enable the reproduction of part of the information about the viewer when he/she browses the website again or visits any related websites. To facilitate second and subsequent browsing sessions, promote marketing activities, and provide better services, IDC Frontier may use the cookies when the customer browses the website to record and analyze his/her personal data, identification information, use environment, access and action history, and other cookie information and use them for said objectives. Said information may be viewed retroactively going back a certain length of time defined by IDC Frontier from the time of the contact and may be shared with a third party which IDC Frontier commissions to perform work. If the customer does not wish to receive cookies from IDC Frontier's website, he/she can reject the receipt of same by changing the setting to that where he/she will receive a warning before receiving the cookies. He/she can also reject the cookies by deleting them from the browser; however, his/her history on IDC Frontier's website may be concurrently lost when adopting this method.

8. Protection of personal data

IDC Frontier will implement appropriate technical and organizational security measures to prevent any unauthorized or illegal disclosure of, or unauthorized or illegal access to, the personal data, as well as leaks, loss, impairment of the personal data by accident or illegal means, or any other damage to the personal data. These measures will ensure the security level appropriate for risks inherent in the nature of the personal data to be protected and its processing process. The personal data of the customers will be securely maintained and can be accessed only by some employees of IDC Frontier with the authority to access it. If IDC Frontier commissions a third party to handle the personal data, it will conclude an agreement with said third party to appropriately control the work performed by said third party.

9. Customers' rights to personal data maintained by IDC Frontier

IDC Frontier will maintain information about the customer only during the period that the information is operationally necessary for the purpose of use stated in this Privacy Policy. The customer may request IDC Frontier to disclose, correct, revise, make additions to, or delete his/her personal data that IDC Frontier maintains (only to the extent that the disclosure is permitted by law). Any complaints, inquiries, or requests for revision or disclosure from the customer to IDC Frontier will be faithfully handled in accordance with the relevant laws and regulations.

10. Safety management measures

IDC Frontier will take all necessary and appropriate safety management measures to manage the personal data, including those to prevent any leak or loss of, or damage to, said personal data. In addition, it will supervise persons engaged and contractors (including subcontractors) who/which will handle the personal data, in a required and appropriate manner.

(Establishment of basic policy)

• IDC Frontier has a basic policy in place to ensure that personal data is handled appropriately.

(Development of rules and regulations for handling of personal data)

• IDC Frontier defines the mode of handling, the manager and staff, their roles, etc. for each phase of acquisition, use, maintenance, provision, deletion/disposal, etc.

(Organizational safety management measures)

• IDC Frontier appoints a manager responsible for the handling of the personal data, clarifies the persons engaged in handling the personal data and the scope of the personal data handled by said persons, has a system in place to report any actual or threatened violations of the Act on the Protection of Personal Information or the Personal Information Handling Regulations to said manager.
• IDC Frontier regularly conducts self-inspections on the handling of the personal data and arranges its examination by other departments or external parties.

(Personal safety management measures)

• IDC Frontier regularly gives the persons engaged training in points to consider regarding the handling of personal data and lists particulars concerning the confidentiality of said personal data in its labor regulations.

(Physical safety management measures)

• In those locations where personal data is handled, IDC Frontier controls the entry and exit of the persons engaged, restricts the devices, etc. brought into said locations, and implements measures to prevent unauthorized persons from viewing personal data.
• IDC Frontier implements measures to prevent theft, loss, etc. of the devices, electronic media, and documents which handle the personal data and to ensure that the personal data will not be readily discovered when said devices, electronic media, etc. are transported including the case where those are moved within the office.

(Technical safety management measures)

• IDC Frontier implements access control to limit the persons in charge and the scope of personal information database, etc. to be handled.
• IDC Frontier has implemented a mechanism which protects the information system handling the personal data from unauthorized external access and unauthorized software.

(Understanding of external environment)

• IDC Frontier understands the personal information protection programs introduced overseas where it maintains personal data, and implements safety management measures in those countries based on said understanding.
• USA

11. Privacy Policy for Personal Data Subject to GDPR

THIS PRIVACY POLICY (THIS “privacy policy”) ONLY APPLIES TO PROCESSING OF PERSONAL DATA SUBJECT TO EU GENERAL DATA PROTECTION REGULATION No 2016/679 (THE “GDPR”).

(1) Our privacy policy

This Privacy Policy is an explanation by IDC Frontier. IDC Frontier to persons residing in the European Economic Area (the “EEA”) protected under the GDPR (who may include our customers) (the “Data Subject”) regarding how IDC Frontier collects and process personal data as the data controller if personal data is provided or disclosed by the Data Subject or if personal data is received or acquired through a third party. IDC Frontier processes the personal data in accordance with the GDPR (and other applicable EU and Member State regulations on data protection, if such regulations exist).

Processing of personal data in this Privacy Policy means processing of personal data of persons who are in the EEA in any of the following cases:

• (ⅰ) if carried out in connection to activities of our establishment in the EEA,
• (ⅱ) if related to the offering of goods or services to the Data Subjects, or
• (ⅲ) if related to the monitoring of the Data Subject's behavior as far as their behavior takes place within the EEA.

(2) Collection and processing of personal data

IDC Frontier will always process the Data Subject's personal data based on one of the legal bases provided for in the GDPR (Articles 6 and 7). In addition, if processing personal data that requires special care, IDC Frontier will do so in accordance with the special rules provided for in the GDPR (Articles 9 and 10).

IDC Frontier may collect and process the Data Subject's personal Data in the following cases :(ⅰ) if required in order to provide the Data Subject with adequate services and products and IDC Frontier otherwise have a legitimate interest; (ⅱ) if required in order to perform an agreement with the Data Subject or carry out procedures before execution; or (ⅲ) if IDC Frontier has obtained the Data Subject's express prior consent. In that case, IDC Frontier will give notification of the purpose of that collection and processing to the Data Subject through notification when obtaining consent, agreement, or other appropriate means.

The Data Subject is entitled to withdraw his or her consent to the collection and processing of the personal data at any time, but this withdrawal will not affect the lawfulness of processing based on the consent before withdrawal thereof.

IDC Frontier will process the Data Subject's personal data for the above specified, explicit and legitimate purposes, and will not further process the personal data in a way that is incompatible with those purposes. If IDC Frontier intend to process personal data originally collected for one purpose in order to attain other objectives or purposes, IDC Frontier will ensure that the Data Subject is informed of this. IDC Frontier will keep personal data for as long as it is necessary for IDC Frontier to comply with our legal obligations, to ensure that IDC Frontier provides an adequate service, and to support our business activities (Articles 5 and 25(2) of the GDPR).

IDC Frontier ensure that the personal data processed shall be limited to what is adequate and necessary in relation to the purposes for which they are processed.

(3) Sharing personal data

IDC Frontier may share personal data with our group entities and with third-parties in accordance with the GDPR. Where IDC Frontier shares personal data with a data processor, IDC Frontier will put the appropriate legal framework in place in order to cover data transfer and processing (Articles 26, 28 and 29 of the GDPR). Furthermore, where IDC Frontier shares personal data with any entity outside the EEA, IDC Frontier will put appropriate legal frameworks in place, notably controller-to-controller (2004/915/EC) and controller-to-processor (2010/87/EU) Standard Contract Clauses approved by the European Commission, in order to cover such transfers (Chapter 5 of the GDPR).

Collaborative Partners

Subject to the Data Subject's prior consent, personal data may be transferred to, stored, and further processed by collaborative partners that work with IDC Frontier to provide our products and services or help IDC Frontier market to Data Subjects.

Outsourcing

• IDC Frontier may outsource all or part of the personal data processing in sales services, enquiry response services, equipment maintenance services, fee related services, marketing services, and other services.
• When executing an outsourcing agreement, the eligibility of the counterparty as an outsourcee is sufficiently investigated. Safety management measures, confidentiality, conditions for the outsourcee to outsource to another party, and other matters regarding the appropriate processing of personal data are prescribed in the outsourcing agreement, and our outsourcees are appropriately supervised by implementing periodic monitoring, etc. of the outsourcing conditions.
• The personal data provided (deposited) by the outsourcer in the services outsourcing is utilized within the scope necessary to perform the agreement with the outsourcer.

Corporate Affiliates and Corporate Reorganisations

IDC Frontier may share the personal data with all corporate affiliates. In the event of a merger, corporate reorganisation, civil rehabilitation, acquisition, joint venture, assignment, transfer, sale or disposition of all or any portion of our business (including in connection with any bankruptcy or similar proceedings), etc., IDC Frontier may transfer any and all personal data to the relevant third party.

Legal Compliance and Security

It may be necessary for IDC Frontier – by law, legal process, litigation, and/or requests from public and governmental authorities within or outside the Data Subject's country of residence – to disclose personal data. IDC Frontier may also disclose personal data if IDC Frontier determines that, for purposes of national security, law enforcement, or other issues of public importance, disclosure is necessary or appropriate.

IDC Frontier may also disclose personal data if IDC Frontier determines in good faith that disclosure is reasonably necessary to protect our rights and pursue available remedies, enforce our internal regulations, investigate fraud, or protect our operations or users.

Data Transfers

Disclosures or sharing of personal data as described above may involve transferring personal data out of the EEA. For each of these transfers IDC Frontier make sure that IDC Frontier provide an adequate level of protection to the data transferred, in particular by entering into Standard Contract Clauses as defined by the European Commission decisions 2001/497/EC, 2002/16/EC, 2004/915/EC and 2010/87/EU.

(4) Our records of data processes

IDC Frontier handles records of processing of personal data in accordance with the obligations established by the GDPR (Article 30), where IDC Frontier might process personal data. In these records, IDC Frontier reflects all the information necessary in order to comply with the GDPR and cooperate with the supervisory authorities in accordance with the GDPR (Article 31).

(5) Security measures

IDC Frontier processes personal data in a manner that ensures such data appropriate security (including protection against unauthorized or unlawful processing and against accidental loss, destruction damage, etc.) using appropriate technical or organizational measures to achieve this (Articles 25(1) and 32 of the GDPR).

(6) Notification of data breaches to the competent supervisory authorities

In case of breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored or otherwise processed, IDC Frontier has the mechanisms and policies in place in order to identify it and assess the details of the breach promptly. Depending on the outcome of our assessment, IDC Frontier will make the necessary notifications to the supervisory authorities and communications to the affected data subjects (Articles 33 and 34 of the GDPR).

(7) Processing likely to result in high risk to the data subject's rights and freedoms

IDC Frontier has mechanisms and policies in place in order to identify data processing activities that may result in high risk to the data subject's rights and freedoms (Article 35 of the GDPR). If any such data processing activity is identified, IDC Frontier will assess it internally and either stop it or ensure that the processing is compliant with the GDPR or that appropriate technical and organizational protective measures are in place in order to proceed with it.

In case of doubt, IDC Frontier will contact the competent Data Protection Supervisory Authority in order to obtain their advice and recommendations (Article 36 of the GDPR).

(8) Data subject's rights

IDC Frontier will notify the Data Subject of the details of the rights granted to the Data Subject under the GDPR when notifying the Data Subject of the purpose of processing personal data.
If the Data Subject will exercise such rights, please contact IDC Frontier at the address set forth section 11 below.

If the Data Subject is not satisfied with the way in which IDC Frontier have proceeded with any request, or if the Data Subject has any complaint regarding the way in which IDC Frontier process personal data, the Data Subject may lodge a complaint with a Data Protection Supervisory Authority.

(9) Children

If IDC Frontier collects and processes personal data from a child who is under 16 years of age or who has not reached the age limits under the laws of a Member State, IDC Frontier will process that data appropriately (Article 8 of the GDPR).

(10) Updates to privacy policy

IDC Frontier may change this Privacy Policy from time to time. Any changes to this Privacy Policy will become effective upon posting of the revised Privacy Policy via the Website. If IDC Frontier makes changes which IDC Frontier believes are significant, IDC Frontier will inform the Data Subject through the Website to the extent possible and seek for the Data Subject's consent where applicable.

• About GDPR initiatives in our services (PDF)

12. Contact point

Any inquiries regarding your personal data will be accepted at the following contact point:

Privacy Help Desk

Tel: +81-3-6899-2141
Available Hours: From 9:30am to 12:00pm and 1:00pm to 5:00pm (JST)
Monday through Friday (except for national holidays and during year-end and New Year)

* IDC Frontier may record the phone calls with users in order to accurately recognize and respond users' request and opinion.

13. Disclosure, etc. of personal data

You may request access to or correction of your personal data according to the following procedure:

Request for personal data access

• How to Request for Personal Data Access(JP)
• Personal Data Request Form(JP)

14. Enforcement of privacy policy

IDC Frontier establishes the position of Personal Information Protection Manager and appoints the Chief Information Security Officer to that position. The Chief Information Security Officer is responsible for ensuring that all of IDC Frontier's offices comply with this Privacy Policy. IDC Frontier also establishes a contact for personal data issues to receive questions about this Privacy Policy and inquiries and requests about its handling of the personal data and respond to them. In addition, IDC Frontier regularly conducts audits to ensure strict compliance with this Privacy Policy.

Supplementary Provisions

Revised September 15, 2023