Personal Data Protection Policy

SoftBank Corporation (hereinafter referred to as “SoftBank”) handles the personal data of our customers and various other stakeholders (hereinafter collectively referred to as “Customers, etc.” SoftBank pays close attention to the handling of personal data of our Customers, etc. and endeavors to give due consideration to the rights of Customers, etc. In addition to thoroughly complying with the following laws and regulations, guidelines set by the government, and other norms, we have joined an accredited personal information protection organization (Japan Data Communication Association) as a covered business operator and are taking the initiative in protecting privacy.

  • Act on the Protection of Personal Information (also known as the Personal Information Protection Act)
  • Telecommunications Business Act (provisions on confidentiality of communications)
  • Guidelines for Protection of Personal Information in Telecommunications Business
  • Personal information protection management systems -- Requirements (JIS Q 15001)

1. Systems to Protect Personal Data

Organization

SoftBank has built a company-wide system to protect the personal data of Customers, etc. SoftBank has assigned persons responsible from the three perspectives of data management, information security, and information systems to manage personal data in an integrated manner.

  • Chief Information Security Officer (CISO): Evaluates information security risks and enacts countermeasures.
  • Chief Information Officer (CIO): Builds and operates information systems and realizes optimal IT governance.
  • Chief Data Officer (CDO): Supervises the proper use of personal data. Takes on the role of personal information protection manager.

Rules

SoftBank has established internal rules regarding the handling of personal data and has set clear policies. SoftBank will thoroughly communicate a strict stance against leakage, loss, or damage of personal data (hereinafter referred to as “Leakage, etc.”) internally and take appropriate measures including disciplinary action based on rules of employment in the event of any Leakage, etc.
In addition, in order to handle personal data appropriately, SoftBank conducts annual training for all of our employees and temporary staff who handle personal data.

Outsourcing

SoftBank may outsource all or part of the handling of personal data in responding to inquiries for various services, equipment maintenance, fee-related work, or other work.
SoftBank requests the outsourcing companies (including supplier companies) to compliance our privacy policy. When executing an outsourcing contract, SoftBank thoroughly examines the suitability of the contractor. Safety control measures, confidentiality, conditions for outsourcing, and other matters related to the proper handling of personal data are stipulated in the outsourcing contract. During the outsourcing period, SoftBank appropriately supervises contractors by regularly monitoring the business conditions.
Personal data provided (deposited) by a consignor in connection with the consignment of business will be used to the extent necessary to achieve the purpose of the contract concluded between the consignor and SoftBank.

2. Security Measures

In order to prevent the Leakage, etc. of personal data, SoftBank takes necessary and appropriate safety management measures such as access control, take-out restrictions, and measures to prevent unauthorized access from the outside.
In order to make security measures effective, SoftBank thoroughly complies with the personal information protection management system and carries out risk assessments on a regular basis. When a risk is discovered, SoftBank takes appropriate measures and conducts monitoring to minimize the risk. There is also a system in place to internally audit whether personal data is properly protected.

3. Protection of Privacy and
Consideration for Customers, etc.

Appropriate acquisition, use, provision, publication, etc. of personal data

In consideration of privacy, SoftBank limits the acquisition, use, and provision of personal data.
When acquiring personal data, SoftBank clarifies the purpose of use and use legal and fair means such as in writing on application forms and the like, on screen on websites and the like, and verbally. In addition, SoftBank uses, provides, discloses and so forth personal data in an appropriate manner, while taking into consideration the content and scale of the business. In particular, the handling of sensitive information is based on the consent of the individual and limited to the extent necessary for business execution, except when stipulated by law.

In addition, personal data is retained for the period required to achieve the purpose of use (including the period stipulated by law).

When SoftBank receives personal data from a third party, we handle it in accordance with the conditions stipulated in the contract separately executed between the provider and SoftBank while complying with laws and regulations and respecting the privacy principles of the provider.
When a government agency requests personal information, the CDO confirms the validity of the request. When using personal data or providing to a third party, SoftBank obtains the consent of the individual as required by law.

In the event of human rights violations related to personal data, we will promptly investigate and take necessary corrective actions. In the event of human rights violations related to personal data as a result of providing personal data to a third party, SoftBank will take necessary measures such as setting up a point of contact to provide remedies to affected individuals.

Handling of communication information

SoftBank strictly manages personal data related to confidentiality of communications. We do not acquire, store, use, or provide information pertaining to confidentiality of communications such as communication history, call history, caller information, etc., except when necessary to provide telecommunications services, when the customer has given consent, when required by law, or when there is some other reason to deter unlawful activity.

Information pertaining to confidentiality of communications is promptly deleted after handling.

When providing telecommunications subscriber information to third parties, including outsourcing contractors, we comply with Article 4 of the Telecommunications Business Law and other related provisions regarding the protection of confidentiality of communications.

Privacy Impact Assessment

When SoftBank utilizes personal data, a team of experts that includes an outside expert evaluates not only with respect to laws and regulations, but also from multiple perspectives such as the merits to Customers, etc., contribution to society, and disadvantages and negative sentiment caused for Customers, etc., and confirms that the content provides safety and security to Customers, etc.

4. Reporting and Future Efforts

In fiscal 2022, there were no legal violations reported to the authorities such as leaks of personal information, use outside of intended purpose, or complaints.
We will continue to review and make improvements in order to protect the personal data of our Customers, etc.

5. Other

Revisions

SoftBank may revise all or part of the contents of the Personal Data Protection Policy.
If there are important changes, we will announce such changes in an easy-to-understand manner on our website.

Applicability of the Personal Data Protection Policy

The Personal Data Protection Policy applies to all subjects of personal data acquired by SoftBank, such as employees of business partners and Employees, etc. of SoftBank as well as our customers.
The Personal Data Protection Policy applies to all personal data acquired by SoftBank unless otherwise specified in each section.

Supplementary Provision

  • This Personal Data Protection Policy is effective from April 1, 2005.
  • These revised provisions are applicable as of April 1, 2022.
  • Please see here* for the revised provisions up to now.
    * Japanese Only

SoftBank Corp.
1-7-1 Kaigan, Minato-ku, Tokyo
Junichi Miyakawa, President and CEO