Privacy Statement for GDPR (or UK GDPR)

NTT DATA GROUP CORPORATION’s Personal Information Protection Policy

NTT DATA GROUP CORPORATION (“we”, “us” or “our”) recognizes the importance of Personal Information and ensures the protection and safeguarding of our customers’ Personal Information as a fundamental principle of its business and its responsibility to society.

This Privacy Statement is for natural persons who are entitled under the General Data Protection Regulation or UK General Data Protection Regulation (collectively the "GDPR"). If you are a customer who is not subject to the GDPR, please refer to the separate Privacy Statement.

1.

Collection, Use, Provision, and Entrustment of Personal Information

For the purpose of this Privacy Statement, the following terms have the meanings as defined below.

  • (a)‘Personal Information’ means any information relating to an identified or identifiable natural person, including but not limited to your name, address, birth date, telephone number, e-mail address, user ID, IP address, web beacons, and other online identifiers.

  • (b)‘Processing’ means (including its correlative meanings, ‘Process’ and ‘Processed’) any operation or set of operations which is performed on Personal Information or on sets of Personal Information, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

    • (1)Unless permitted by applicable laws, the scope of use of the Personal Information collected is limited to the purposes of use described below, and the Personal Information shall be Processed appropriately within this scope.

    • (2)We will Process the following Personal Information for the following purposes:

      -We will Process the Personal Information collected through the contact form on our website in order to respond to your inquiries, questions, and/or other requests.

      -We may Process the Personal Information collected through Cookies for automated decision-making purposes, including profiling in order to provide services that may be of particular interest to you and recognizing your computer when you visit our website in order to improve our website's usability. For more information, please refer to the Cookie Policy.

      In the case of Processing your Personal Information for purposes other than the bove, we will notify you in advance of such new purposes of use and other matters as required by applicable law.

    • (3)We Process your Personal Information on the following legal bases:

      -Legitimate Interests. This refers to cases where the Processing of your Personal Information is necessary for legitimate interests pursued by us or a third party, such as responding to your inquiries, and your interests and fundamental rights do not override those interests. For further details regarding legitimate interests, please contact us using our details provided in Section 7 below.

      -Consent. This refers to cases where you have given us your consent to our Processing of your Personal Information. You have the right to withdraw your consent to our Processing of your Personal Information at any time. However, the withdrawal of your consent will not affect the lawfulness of our Processing of your Personal Information based on the consent given before your withdrawal.

      -Legal Obligation. This refers to cases where we are required to comply with a legal obligation.

    • (4)Personal Information that you are to provide may be necessary in order for us to provide our services to you, and there may be cases where you are unable to use the services if you have not provided such data.

      We may provide your Personal Information to third parties such as the subsidiaries and affiliates of NTT DATA, cloud vendors and outside contractors of NTT DATA in order to implement the purposes of use specified above.

      We may provide your Personal Information to third parties located outside the EEA or the UK (including, without limitation, Japan and the US). In the case that we provides your Personal Information to a third party located in a country outside the EEA or the UK, we will ensure that the recipient destination has been subject to a finding by the European Commission that it ensures an adequate level of protection for the rights and freedoms of individuals in respect of their Personal Information, or the Government of the UK has designated the recipient destination as a country that ensures an adequate level of protection as provided under the UK General Data Protection Regulation, or that appropriate safeguards such as standard contractual clauses are provided concerning the protection of your Personal Information.

      You can obtain more details on the protections given to your Personal Information when it is transferred outside the EEA or the UK (including a copy of the standard contractual clauses that we have entered into with recipients of your Personal Information) by contacting us using our details provided in Section 7 below.

    • (5)We may entrust customers' Personal Information with authorized third parties. In all such cases, We shall select the recipient with great care from among those parties that have established a sufficient level of protection of the Personal Information and carry out necessary supervision or otherwise ensure, through a contract stipulating the level of protection to be observed, that the recipient manages the information properly.

2.

Access, Rectification, Erasure, Restriction of Processing, Data Portability and Objection of Processing

Users may request from we access to, rectification or erasure of, or restriction of the Processing of their Personal Information, and also may submit a request in relation to exercising their right to data portability. You may lodge a complaint with the data protection authorities with jurisdiction over us or the location of your domicile with regard to the Processing of your Personal Information.

You also have the right to object to our Processing of your Personal Information.

3.

Implementation of Security Measures

We implement safeguarding measures and diligently works toward preventing unauthorized access to Personal Information, as well as the loss, destruction, alteration, leakage, etc. of such information. Specific rules governing the appropriate Processing and use of Personal Information are in place, and staff are assigned to take responsibility therefor.

4.

Observance of Laws, Regulations, and Other Norms Relating to Personal Information

With respect to the observance of laws, regulations, and other norms relating to Personal Information, our officers, employees, and business partners who Process Personal Information comply with the laws, regulations, and guidelines relating to the protection of Personal Information and the privacy of communication.

5.

Retention Period

We will retain your Personal Information as long as we require such information to provide our services to you, but will promptly delete the same in case that such information is no longer necessary, except to the extent that we are required by law to retain it for a longer period of time, in which case we will retain it for the period required by law.

6.

Continuous improvements to this Personal Information Protection Policy and In-house Rules and Regulations

We make continuous improvements to this Personal Information Protection Policy and in-house rules and regulations to ensure that the protection of Personal Information as determined by socially accepted norms is conducted effectively.

7.

Inquiries as to Personal Information

In the event of any questions or concerns regarding the Privacy Statement or the Processing of your Personal Information by us, or any requests, etc., concerning access to, rectification or erasure of, or restriction of the Processing of your Personal Information, or the exercise of your right to data portability, please contact us. The contact information of us is as follows:

Toyosu Center Building, 3-3, Toyosu 3-chome, Koto-ku,
Tokyo 135-6033
NTT DATA GROUP CORPORATION Customer Desk
E-MAIL : privacy_gram.nttdata.co.jp

8.

EU Representative and UK Representative

You and the data protection supervisory authorities in the EU/EEA and you and the data protection supervisory authority (“ICO”) in the UK may also contact our data protection representatives according to Article 27 GDPR:

EU: DP-Dock GmbH, Attn: NTT DATA Group Corporation, Ballindamm 39, 20095 Hamburg, Germany

UK: DP Data Protection Services UK Ltd., Attn: NTT DATA Group Corporation, 16 Great Queen Street, Covent Garden, London, WC2B 5AH, United Kingdom

ntt-data-groupgdpr-rep.com

We will make every effort to respond to inquiries promptly within a reasonable scope.

Established: May 21, 2018
Last Revised: June 18, 2024

Yutaka Sasaki
President and Chief Executive Officer