NTT Security Holdings Corporation Privacy Policy

Effective Date: April 1, 2022

1. INTRODUCTION

1.1 Purpose

NTT Security Holdings Corporation (“NTT,” “we,” or “us”) recognizes that your privacy is very important and takes it seriously. This Privacy Policy (“Policy”) describes NTT’s policies and procedures on the collection, use, and disclosure of personal information collected through any of our websites and or our various web security solutions (“Services”). We will not use or share your personal information with anyone except as described in this Policy.

1.2 Scope

This Policy is intended to meet requirements globally, including those in North America, Europe, APAC, and other jurisdictions. This Policy does not apply to information we collect by other means (including offline) or from other sources.

This Policy applies to all of NTT’s operating divisions, branches, and subsidiaries, and any additional entities directly controlled by NTT that we may subsequently form.

 

2. INFORMATION WE MAY GATHER FROM YOU

The types of personal information we may collect (directly from you or from Third-Party sources) and our privacy practices depend on the nature of the relationship you have with NTT and the requirements of applicable law. Some of the ways that NTT may collect personal information include:

 2.1 Information You Provide Directly to Us

  • Inquiries and Requests– We may provide you with the opportunity to contact us via e-mail or chat to ask questions, request information and materials, register or sign up for guides, seminars, or training classes, or provide comments and suggestions. You may also be offered the opportunity to have one of our representatives contact you personally to provide additional information about our Services. To facilitate this request, we may request additional personal information from you, such as your name, telephone number, and other contact information, to help us satisfy your request.
  • Service Enrollment –If you choose to enroll for one of our Services, we may require, without limitation, your name, address (including country, city and state), telephone number, e-mail address, credit card number, bank account information, IP address, IP range, domain name(s), or Web Application URL(s). The types of information required to fulfill a service request depend on the types of Services being requested.
  • Statistical Information about Your Visit – We may collect certain information automatically through our Services or other methods of web analysis, such as your Internet protocol (IP) address, cookie identifiers, mobile advertising identifiers, and other device identifiers that are automatically assigned to your computer or device when you access the Internet, browser type, operating system, Internet service provider, pages that you visit before and after using the Services, the date and time of your visit, the amount of time you spend on each page, information about the links you click and pages you view within the Services, and other actions taken through use of the Services.
  • Surveys – From time to time we may request information from customers via surveys. Participation in these surveys is completely voluntary and the user therefore has a choice whether or not to disclose this information. Survey information will be used for improving our customer service and service offerings.
  • Human Resources Data – NTT collects personal information from current, prospective, and former Employees, their contact points in case of a medical emergency, and beneficiaries under any insurance policy (“Human Resources Data”). The Human Resources Data we collect may include title, name, address, phone number, email address, date of birth, passport number, driver’s license number, Social Security number or other government-issued identification number, financial information related to credit checks, bank details for payroll, information that may be recorded on a resumé or application form, language abilities, contact information of Third Parties in case of an emergency, and beneficiaries under any insurance policy.
    We may also collect Sensitive Human Resources Data such as the need for a leave of absence due to a disability, including mental health, medical leave, and maternity leave; information about national origin or immigration status; and optional demographic information such as race, which helps us achieve our diversity goals. We acquire, hold, use, and process Human Resources-related personal information for a variety of business purposes that may include, but are not limited to the following:
    • Workflow management, including assigning, managing and administering projects;
    • Human Resources administration and communication;
    • Payroll and the provision of benefits;
    • Compensation, including bonuses and long-term incentive administration, stock plan administration, compensation analysis, including monitoring overtime and compliance with labor laws, and company recognition programs;
    • Job grading activities;
    • Performance and employee development management;
    • Organizational development and succession planning;
    • Benefits and personnel administration;
    • Absence management;
    • Helpdesk and IT support services;
    • Regulatory compliance;
    • Internal and/or external or governmental compliance investigations;
    • Internal or external audits;
    • Litigation evaluation, prosecution, and defense;
    • Diversity and inclusion initiatives;
    • Restructuring and relocation;
    • Emergency contacts and services;
    • Employee safety;
    • Compliance with statutory requirements;
    • Processing of Employee expenses and travel charges; and
    • Acquisitions, divestitures, and integrations.

2.2  Information from Other Sources.

We may receive information about you from other sources, including through Third-Party services and organizations to supplement information provided by you. This supplemental information allows us to verify information that you have provided to NTT and to enhance our ability to provide you with information about our business, products, and Services.

2.3  Cookies, Pixel Tags/Web Beacons, Analytics Information, and Interest-Based Advertising

We, as well as Third Parties that provide content, advertising, or other functionality on our Services, may use cookies, pixel tags, local storage, and other technologies (“Technologies”) to automatically collect information through the Services.  For additional information regarding such Technologies, please review our Cookie Policy.

 

3. HOW WE USE YOUR INFORMATION

3.1  Business Information

Generally, we use the personal information we receive to:

  • Provide the Services, respond to inquiries or send you administrative messages regarding the operation and use of the Services;
  • Personalize and improve the Services;
  • Monitor and analyze usage and trends of the Services;
  • Send communications related to the Services;
  • Process any transactions initiated by you;
  • For any other purpose for which the information was collected;
  • To meet our legal obligations;
  • For audit and reporting purposes;
  • To perform accounting and administrative tasks;
  • To respond to requests for information by competent public bodies and judicial authorities;
  • To respond to inquiries we receive from you or your company or organization;
  • To enforce or manage legal claims;
  • To deliver promotional and other communications, including periodically contacting you with offers and information about our products, services, features, and events and sending you newsletters or other information about topics that we believe may be of interest; conducting online surveys; and otherwise promoting our products, services, features, and events; and

 3.2  Human resources information

With regard to personal information we receive in connection with the employment relationship:

  • we will use such personal information only for employment-related purposes as more fully described in this Policy; and
  • if we intend to use this personal information for any other purpose, we will provide the individual with an opportunity to opt out of such uses.

3.3  Additional Uses Aligned with Our Legitimate Interests

In addition, we may use your personal information for the following purposes for which we have a legitimate interest:

  • Processing for research purposes (including marketing research);
  • Disclosure to affiliated organizations;
  • Network and information security (e.g., server logs may be reviewed for security purposes – e.g., to detect unauthorized activity on the Services. In such cases, server log data containing IP addresses may be shared with law enforcement bodies in order that they may identify users in connection with their investigation of the unauthorized activities.);
  • Physical security;
  • Enforcement of legal claims including debt collection via out-of-court procedures;
  • Prevention of fraud, misuse of services or money laundering;
  • Employee monitoring for safety or management purposes;
  • Whistle-blowing schemes;
  • Processing for historical, scientific or statistical purposes.

3.4 Instances Where We May Share Personal Information

  • General: We will share your personal information with Third Parties only as described in this Policy.  We do not sell your personal information to Third Parties.
  • Vendors and Service Providers: In some cases NTT may share personal information with our vendors and service providers who assist us to collect, use, analyze, and otherwise process information on our behalf. It is our practice to require such entities to handle information in a manner consistent with NTT’s policies and to use your personal information only as necessary to provide these services to us.
  • Business Partners: NTT may share personal information with our business partners and affiliates for their internal business purposes or to provide you with a product or service that you have requested. NTT may also provide personal information to business partners with whom we may jointly offer products or services, or whose products or services we believe may be of interest to you. In such cases, our business partner’s name will appear, along with NTT’s. We require our affiliates and business partners to agree in writing to maintain the confidentiality and security of personal information they maintain on our behalf and not to use it for any purpose other than the purpose for which NTT provided it to them.
  • To Protect Ourselves or Others: We may access, preserve, and disclose your personal information, other account information, and content if we believe doing so is required or appropriate to: (i) comply with law enforcement or national security requests and legal process, such as a court order or subpoena; (ii) respond to your requests; (iii) protect yours’, ours’ or others’ rights, property, or safety; (iv) to enforce NTT policies or contracts; (v) to collect amounts owed to NTT; (vi) when we believe disclosure is necessary or appropriate to prevent physical harm or financial loss or in connection with an investigation or prosecution of suspected or actual illegal activity; or (vii) if we, in good faith, believe that disclosure is otherwise necessary or advisable.
  • Merger, Sale, or Other Asset Transfers: If we are involved in a merger, acquisition, financing due diligence, reorganization, bankruptcy, receivership, sale of company assets, or transition of service to another provider, then your information may be sold or transferred as part of such a transaction as permitted by law and/or contract. Should such an event occur, NTT will endeavor to direct the transferee to use personal information in a manner that is consistent with the Policy in effect at the time such personal information was collected.
  • NTT Supported Blogs and Forums: If you use a blog or forum, or other chat tool on this website, you should be aware that any personal information you submit there can be read, collected, or used by other users of those forums, and could be used to send you unsolicited messages. NTT is not responsible for the personal information you choose to submit in these forums. You are also responsible for using these forums in a manner consistent with the applicable Terms of Use or other terms and conditions set forth on the relevant forum site. To request removal of your personal information from our blog or community forum, by contacting us as described in the “How to Contact Us” section below. In some cases, we may not be able to remove your personal information, in which case we will let you know that we are unable to do so and why.
  • Testimonials: We may display personal testimonials of satisfied customers on our site in addition to other endorsements. With your consent we may post your testimonial along with your name. If you wish to update or delete your testimonial, you can contact the NTT Privacy Contact as described in the “How to Contact Us” section below.
  • Social Media Widgets: Our website may include social media features, such as the Facebook “Like” button and widgets, and the “Share This” button or interactive mini-programs that may run on our site. These features may collect your IP address, which page you are visiting on our site, and may set a cookie to enable the feature to function properly. Social media features and widgets are either hosted by a Third Party or hosted directly on our website. Your interactions with these features are governed by the privacy policy of the company providing the feature.
  • Data Transfers: All personal information collected via or by NTT may be stored anywhere in the world, in the cloud, on our servers, on the servers of our affiliates or the servers of our service providers. Your personal information may be accessible to law enforcement or other authorities pursuant to a lawful request. By providing information to NTT, you consent to the storage of your personal information in these locations.
  • Cross border transfers: As a global company, NTT may transfer your personal data to countries where we do business or to international organizations in connection with the purposes identified above and in accordance with this Privacy Policy. For individuals in the EEA or Switzerland: Your personal information will be stored within the European Economic Area (the “EEA”) or Switzerland. Where we transfer your personal data from a location within the EEA or Switzerland to a country or international organization outside the EEA or Switzerland and that country or international organization does not provide a level of protection for personal data which the European Commission (“Commission”) deems adequate, we use and adhere to the standard contractual clauses (“SCCs”) approved by the Commission to legitimately transfer personal data. You may obtain a copy of these measures by contacting us as described in the “How to Contact Us” section below.

 

4. YOUR CHOICES

Where you have consented to NTT’s processing of your personal information, you may withdraw that consent at any time and opt out of further processing by following the instructions in this section. Even if you opt out, we may still collect and use non-personal information regarding your activities on our websites and/or information from the advertisements on Third-Party websites for non-interest based advertising purposes, such as to determine the effectiveness of the advertisements.

 

4.1  Email and Telephone Communications

If you would like to discontinue receiving promotional communications from us, you may update your email preferences by using the “Unsubscribe” link found in emails we send to you.

Note that even if you opt out, you will continue to receive transaction-related emails regarding products or services you have requested. We may also send you certain communications regarding NTT and our Services and you will not be able to opt out of those communications (e.g., communications regarding updates to our Terms of Service or this Policy, information regarding the security, initial use, expiration, product enhancement or migration of our products or services from this site).

We maintain telephone “do-not-call” and “do-not-mail” lists as mandated by law. We process requests to be placed on do-not-mail, do-not-phone and do-not-contact lists within 60 days after receipt, or such shorter time as may be required by law.

4.2  “Do Not Track”

Do Not Track (“DNT”) is a privacy preference that users can set in certain web browsers. DNT is a way for users to inform websites and services that they do not want certain information about their webpage visits collected over time and across websites or online services. NTT does not recognize or respond to browser-initiated DNT signals. For information about “do-not-track”, please visit http://www.allaboutdnt.org/.

4.3  Cookies and Interest-Based Advertising

You may stop or restrict the placement of cookies on your computer or remove them from your browser by adjusting your web browser preferences. Please note that cookie-based opt-outs are not effective on mobile applications. However, on many mobile devices, application users may opt out of certain mobile ads via their device settings.

The online advertising industry also provides websites from which you may opt-out of receiving targeted ads from our data partners and our other advertising partners that participate in self-regulatory programs. You can access these, and also learn more about targeted advertising and consumer choice and privacy, at www.networkadvertising.org/managing/opt_out.aspor http://www.youronlinechoices.eu/  and www.aboutads.info/choices/. You can also choose not to be included in Google Analytics here.

To be clear, whether you are using our opt-out or an online industry opt-out, these cookie-based opt-outs must be performed on each device and browser that you wish to have opted out. For example, if you have opted out on your computer browser, that opt-out will not be effective on your mobile device. You must separately opt out on each device. Advertisements on Third Party websites that contain the AdChoices link may have been directed to you based on information collected by advertising partners over time and across websites.  These advertisements provide a mechanism to opt out of the advertising partners’ use of this information for interest-based advertising purposes.

 

5. THIRD-PARTY LINKS

Our website may contain links to other websites for news and other information. Our Policy only applies to the NTT website and we are not responsible for the privacy practices or the content of other websites. You should check the privacy policies of those sites before providing your personal information to them.

 

6. YOUR PRIVACY RIGHTS

In accordance with applicable law, you may have the following rights:

  • the right to rectify inaccurate personal data we hold about you without undue delay, and taking into account the purposes of the processing, to have incomplete personal data about you completed;
  • the right to ask us to erase your personal data (the right to be forgotten) without undue delay in certain circumstances;
  • the right to restrict the processing of your personal data in certain circumstances;
  • the right to receive your personal data from us in a structured, commonly used and machine-readable format and to transmit your personal data to a third party without obstruction (right to data portability) in certain circumstances;
  • where we process personal data based on your consent, you have the right to withdraw your consent at any time for future processing;
  • where we process your personal data based upon our legitimate interests or those of a third party, you have the right to object to the processing of your personal data at any time (including to any profiling);
  • where we process your personal data for direct marketing purposes, you have the right to object to processing of your personal data at any time, including profiling to the extent that it is related to such direct marketing;
  • the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you;
  • the right to opt in or opt out of the sale of your personal information to Third Parties, if applicable, where such requests are permitted by law;
  • if you are a California resident, you also have the right not to receive discriminatory treatment by us for the exercise of your rights conferred by the California Consumer Privacy Act.

6.1 Exercising these Rights

If you would like to exercise any of these rights, please contact us as described in the “How to Contact Us” section below.

Although NTT makes good faith efforts to provide individuals with access to their personal information, there may be circumstances in which NTT is unable to provide access, including but not limited to: where the information contains legal privilege, would compromise others’ privacy or other legitimate rights, where the burden or expense of providing access would be disproportionate to the risks to the individual’s privacy in the case in question or where it is commercially proprietary. If NTT determines that access should be restricted in any particular instance, we will provide you with an explanation of why that determination has been made and a contact point for any further inquiries. To protect your privacy, NTT will take commercially reasonable steps to verify your identity before granting access to or making any changes to your personal information.

 

7. DATA RETENTION

NTT will retain personal information for as long as needed to provide Services or as otherwise permitted by law. NTT will retain and use this personal information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.

 

8. SECURITY 

We consider the protection of all personal information we receive as critical. Please be assured that we have security measures in place to protect against the loss, misuse, and alteration of any personal information we receive from you. As with any transmission over the Internet, however, there is always some element of risk involved in sending personal information. In order to try to minimize this risk, we encrypt all information that you submit in ordering the Services using the Transport Layer Security (TLS) protocol.

 

9. CHILDREN’S PRIVACY

 Because of the nature of our business, this website is not designed to appeal to children under the age of 13 (or 16 in certain jurisdictions) and we do not knowingly request or receive any information from children under the age of 13 (or 16 in certain jurisdictions). If you learn that your child has provided us with personal information without your consent, you may alert us at privacyoffice@global.ntt. If we learn that we have collected any personal information from children under 13 (or 16 in certain jurisdictions), we will promptly take steps to delete such information and terminate the child’s account.


10. CALIFORNIA PRIVACY RIGHTS

California law permits users who are California residents to request and obtain from us once a year, free of charge, a list of the third parties to whom we have disclosed their personal information (if any) for their direct marketing purposes in the prior calendar year, as well as the type of personal information disclosed to those parties. NTT does not share personal information with third parties for their own marketing purposes.

 

11. CHANGES TO THIS POLICY

We may update this Policy to reflect changes to our information practices. If we make any material changes we may notify you by email or by means of a notice on this site prior to the change becoming effective. We encourage you to periodically review this page for the latest information on our privacy practices.

 

12. REDRESS/COMPLIANCE

12.1   Redress

If you are an EU citizen and feel that NTT is not abiding by the terms of this Policy or is not in compliance with the Standard Contractual Clauses, if applicable, please contact us as described in the “How to Contact Us” section below.

In addition, you may lodge a complaint with a data protection supervisory authority if you believe that your data protection rights relating to your personal data have been breached by NTT or that your personal data has been compromised in some way. A list of data protection authorities is available at https://ec.europa.eu/newsroom/article29/items/612080

12.2   Compliance

This Policy shall be implemented by NTT and all its operating divisions, branches and subsidiaries, and any additional entities directly controlled by NTT that we may subsequently form. NTT has put in place mechanisms to verify ongoing compliance with Standard Contractual Clauses and this Policy. Any Employee who violates these privacy principles will be subject to disciplinary procedures.

 

13. HOW TO CONTACT US

If you have questions about this Policy or would like to exercise any of your rights described in this Policy, please contact us at:

email: privacyoffice@global.ntt.

 

14. DEFINITIONS

The following capitalized terms shall have the meanings herein as set forth below.

Agent” means any Third Party that Processes personal information pursuant to the instructions of, and solely for, NTT or to which NTT discloses personal information for use on its behalf.

Employee” refers to any current, temporary, permanent, prospective or former employee, director, contractor, worker, or retiree of NTT or its subsidiaries worldwide.

Process” or “ Processing” means any operation which is performed upon personal information, whether or not by automatic means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure, or destruction.

Sensitive Data” or “ Sensitive Personal Information” is a subset of personal information which, due to its nature, has been classified by law or by policy as deserving additional privacy and security protections. Sensitive Personal Information includes personal information regarding EU residents that is classified as a “Special Category of Personal Data” under EU law, which consists of the following data elements: (1) race or ethnic origin; (2) political opinions; (3) religious or philosophical beliefs; (4) trade union membership; (5) genetic data; (6) biometric data where Processed to uniquely identify a person; (6) health information; (7) sexual orientation or information about the Individual’s sex life; or (8) information relating to the commission of a criminal offense.

“Standard Contractual Clauses” is a data transfer mechanism described in Article 46(2)(c) of the General Data Protection Regulation (GDPR) and approved by the EU Commission Decision 2010/87/EU on February 5, 2010 and includes any successor standard contractual clauses that may be adopted pursuant to an EU Commission decision.

Third Party” is any company, natural or legal person, public authority, agency, or body other than the Individual, NTT or NTT’s Agents.