Privacy Policy
SB Telecom America Corp.
CCPA Privacy Policy
Last Updated: May 1, 2024
Scope
This Privacy Notice explains how SB Telecom America Corp. (collectively, the “Company,” “we,” “our,” or “us”) collects, uses, discloses, and otherwise processes personal information within the scope of the California Consumer Privacy Act of 2018 (including amendments thereto, the “CCPA”). Although the CCPA only provides privacy-related rights and obligations with respect to residents of California, referred to throughout as “consumers”, this Privacy Notice shall also apply to those who reside in U.S. states other than California other than our employees (including full- or part-time employees, officers, directors, owners, contractors or other staff and job applicants).
Unless otherwise expressly stated, all terms in this Privacy Notice have the same meaning as defined in the CCPA.
Assistance For Disabled Persons
Alternative formats of this Privacy Notice are available to individuals with a disability. Please email the Privacy Security Team for assistance at the following address: stsgrp-privacyus@g.softbank.co.jp.
What is personal information?
When we use the term “personal information”, we mean information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household, which information the Company collects.
For the purposes of this Privacy Notice, personal information does not include the following:
- Publicly available information from government records.
- Deidentified, aggregated or anonymized information that is maintained in a form that is not capable of being associated with or linked to you.
- Information excluded from the CCPA’s scope, such as:
- Health or medical information covered by the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the California Confidentiality of Medical Information Act or clinical trial data.
- Information covered by certain sector-specific privacy laws, including the Fair Credit Reporting Act, the Gramm-Leach-Bliley Act or California Financial Information Privacy Act, and the Driver’s Privacy Protection Act of 1994.
Our Collection and Use of Personal Information
The below table specifies all categories of personal information which we collect or have collected in the past twelve (12) months, from California residents who interact with our website and/or apply for a job with us, and for each category of personal information, the sources from which we collect such information and our commercial and/or business purposes for its collection and use.
|
Categories of Personal Information Collected |
Categories of Sources |
Commercial and/or Business Purposes for Collection and Use of Personal Information |
|
Identifiers, such as full name, home address, email address, telephone number, IP address, etc. |
|
Business Purposes
|
|
Other identifiers, such as passport no., visa no., bank account no. |
|
Business Purposes
|
|
Personal information categories listed in the California Customer Records (Cal. Civ. Code § 1798.80(e)), such as full name, social security number, etc. |
|
Business Purposes
|
|
Internet or other electronic network activity information, such as information regarding interactions with our website. |
|
Business Purposes
|
|
Geolocation data, such as IP address |
|
Business Purposes
|
|
Professional/Employment Information, such as job title/role, employment history, salary, etc. |
|
Business Purposes
|
|
Biometric information, including video and voice recordings |
|
Business Purposes
|
|
Non-Public Education Information (20 U.S.C. § 1232g, 34 C.F.R. Part 99), such as academic transcripts, educational disciplinary records, academic counseling records, etc. |
|
Business Purposes
|
|
Inferences, such as character determinations made during interviews. |
|
Business Purposes
|
Retention of Personal Information
We retain each category of personal information for only so long as is reasonably necessary to achieve the purpose(s) disclosed above, or as required by applicable law or regulation.
Disclosure and Sale/Sharing of Personal Information
In the last twelve (12) months, we have not sold or shared personal information about you, but we have, at times, disclosed certain categories of personal information for business purposes. In the last twelve (12) months, we have disclosed for a business purpose the categories of personal information to the categories of third parties, listed below.
|
Category of Personal Information |
Disclosures for a Business Purpose & Categories of Recipients |
|---|---|
|
Identifiers |
Recruiting agencies (for hiring) Data storage service provider (for keeping in a secured manner) |
|
Personal information categories listed in the California Customer Records (Cal. Civ. Code § 1798.80(e)) |
Data storage service provider (for keeping in a secured manner) |
|
Internet or other electronic network activity information |
No disclosure |
|
Geolocation data |
No disclosure |
|
Professional/Employment Information |
Data storage service provider (for keeping in a secured manner) Affiliated group companies (for evaluation and mobility process and corporate governance |
|
Non-Public Education Information (20 U.S.C. § 1232g, 34 C.F.R. Part 99) |
Recruiting agencies (for hiring) Data storage service provider (for keeping in a secured manner) |
Minors Under Age 16
Except in limited circumstances which are disclosed above, we do not intentionally or knowingly collect the personal information of consumers less than 16 years of age. Furthermore, we do not and will not “sell” or “share” the personal information of consumers we know to be less than 16 years of age.
Your Privacy Rights
You may be able to exercise the following rights in relation to the personal information that we have collected about you (subject to certain limitations at law):
|
The Right to Know |
You have the right to request any or all of the following information relating to the personal information we have collected about you or disclosed, upon verification of your identity:
|
|
The Right to Request Deletion |
You have the right to request the deletion of personal information that we have collected from you, subject to certain exceptions and following verification of your identity. |
|
The Right to Request Correction of Inaccurate Personal Information |
You have the right to request the correction of any inaccurate personal information which we might maintain about you, taking into account the nature of the personal information and our processing purposes, and following verification of your identity. |
|
The Right to Opt-Out of Sale/Sharing |
You have the right to direct us not to sell or share personal information we have collected about you to third parties now or in the future. If you are under the age of 16, the CCPA provides you with the right to “opt in” to sales or sharing of personal information by providing consent, or to have a parent or guardian provide verifiable consent on your behalf. Please note that we do not sell or share the personal information of consumers who we know to be less than 16 years of age. |
|
The Right to Limit Use and Disclosure of Sensitive Personal Information |
In certain cases, the CCPA provides you with the right to direct us to limit our use and disclosure of your sensitive personal information to specified uses and purposes prescribed by law. Sensitive personal information that is collected or processed without the purpose of inferring characteristics about a consumer is not subject to the right to limit. |
|
The Right to Non-Discrimination |
You have the right not to receive discriminatory treatment or retaliation for exercising any of the rights described above. However, please note that if your exercise of the rights described above limits our ability to process personal information (such as in the case of a deletion request), fulfilment of that right may mean that we are no longer able to provide you with our products or services or engage with you in the same manner. |
How to Exercise Your Privacy Rights
How To Exercise Your Right to Know, Right to Correction or Right to Deletion
To exercise your right to know, right to correction and/or right to deletion, please submit a request by:
- Emailing our Privacy Security team at stsgrp-privacyus@g.softbank.co.jp with the subject line “Privacy Rights Request”
- Calling 1-866-I-OPT-OUT (1-866-467-8688) and entering service code 1774#
- Sending your request from the form.
SUBMITTING A REQUEST THROUGH YOUR AUTHORIZED AGENT
You may have the option to designate an authorized agent to submit a request on your behalf, so long the authorized agent has your written permission to do so and you have taken steps to verify your identity directly with us. If you would like to designate an agent, your agent must register as such with the California Secretary of State and submit a copy of this registration along with your consumer request to us. We may need to contact you directly to verify the request.
HOW WE VERIFY YOUR REQUEST
We cannot fulfill your request or provide you with your personal information if we cannot verify your identity or authority to make the request and confirm the personal information relates to you. Making a verifiable consumer request does not require you to create an account with us.
To verify your identity, we will ask that you provide the following personal information when you submit your request:
- First Name
- Last Name
- Email Address
- Mobile Phone Number
- Address
- City
- State
- Zip Code
You may need to provide additional information as part of your responses to our identity verification questions. We will only use this information to confirm your identity. Depending on your type of request or the information requested by you, we may require additional information in order to verify your identity and fulfill your request.
If we cannot successfully verify your identity, we will inform you of that fact.
We will respond to your request within forty-five (45) days. However, in certain circumstances, we may require additional time to process your request, as permitted by the CCPA or other applicable law. We will advise you within forty-five (45) days after receiving your request if such an extension is necessary and why it is needed. Any disclosures we provide will only cover the 12-month period preceding our receipt of your verifiable consumer request.
If we cannot fulfill your request, our response to you will also explain the reason why we cannot fulfill your request.
We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.
You may only make a verifiable consumer request to know about or access your personal information twice within a 12-month period.
How To Exercise Your Right to Opt-Out of Personal Information Sales or Sharing and to Limit the Use of Your Sensitive Personal Information
As explained above, we do not currently sell or share your personal information, as such terms are defined by the CCPA. However, if at any point we begin selling or sharing your personal information to or with third parties (a change which will be reflected in this Privacy Notice), then you have a right to opt-out of such sales/sharing activities. Unless you exercise this right to opt-out of sales/sharing, the third parties to or with whom we may, in the future, sell or share personal information may then use such information for their own purposes in accordance with their own privacy policies, which might include further reselling or resharing this information to/with additional third parties.
Furthermore, we do not collect, use or disclose your sensitive personal information for purposes other than those authorized under CCPA Section 1798.121(a). In other words, we do not collect, use or disclose your sensitive personal information except to the extent reasonably necessary and proportionate to do our businesses. However, if at any point we begin using or disclosing your sensitive personal information for additional business or commercial purposes which are subject to the right to limit (which change(s) will be reflected in this Privacy Policy), then you will have the right to limit our use and disclosure of your sensitive personal information. Please note, however, that sensitive personal information that is collected or processed without the purpose of inferring characteristics about a consumer is not subject to the right to limit under the CPRA.
Updates to This Privacy Notice
We will update this Privacy Notice from time to time. When we make changes to this Privacy Notice, we will change the “Last Updated” date at the beginning of this Privacy Notice.
Contact Us
If you have any questions or requests in connection with this Privacy Notice or other privacy-related matters, please send an email to our Privacy Security team at stsgrp-privacyus@g.softbank.co.jp.
Alternatively, inquiries may be addressed to:
SB Telecom America Corp.
Privacy Security Team
12130 Millennium Drive 3F
Los Angeles, CA 90094
EEA/UK Privacy Policy
Last updated: May 1, 2024
01 Our EEA/UK Privacy Policy
The protection of your personal data is of great importance to SB Telecom America Corp. (“STA”, “we”, “us”), a subsidiary of the SoftBank Corp. This EEA/UK privacy policy (the “EEA/UK Privacy Policy”) therefore intends to inform you who are in the European Economic Area (“EEA”) or the United Kingdom (the “UK”) about how we collect, use, share, store and otherwise process your personal data when you use our website (“Site”), in connection with your relationship with us as a STA customer/recipient of our services, vendor or your general interest in our services. It also explains your rights under applicable data protection laws, including Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (“GDPR”), the United Kingdom General Data Protection Regulation, which is the GDPR as incorporated into UK domestic law by virtue of section 3 of the European Union (Withdrawal) Act 2018 and amended by The Data Protection, Privacy and Electronic Communications (Amendments etc) (EU Exit) Regulations 2019 (“UK GDPR”).
If you have any queries or comments relating to this EEA/UK Privacy Policy, please contact sbtmgrp-gdpruk@g.softbank.co.jp.
02 Who is responsible for your personal data?
Where the GDPR or the UK GDPR applies to the processing of your personal data, and you are a visitor to the Site, the data controller for your personal data is STA, unless we advise you otherwise. The data controller decides how personal data about you is processed.
In providing you with digital marketing support services, we work closely with SB Telecom Europe Limited (“SB Telecom Europe”), established in WeWork 184 Shepherds Bush Road, London W6 7NL, United Kingdom. In this regard, SB Telecom Europe and we jointly determine the purposes and means of processing of your personal data. Therefore, SB Telecom Europe and we are acting as joint controllers responsible for the protection of your personal data.
Upon your requests, the respective roles and relationships of the joint controllers vis-à-vis the data subjects will be made available to you.
03 How do we use your personal data?
We always process your personal data based on one of the legal bases provided for under the GDPR/UK GDPR. In addition, we process your sensitive personal data, for example, data concerning your trade union membership, religious views, or health condition in accordance with the special rules provided for under the GDPR/UK GDPR.
In providing digital marketing support services and system integration/network integration services and solutions, we may collect and process personal data of employees and/or other staff members of our customers and suppliers for the purposes detailed below, which are required for us to pursue our legitimate interests:
- to have business communications with you such as business discussions and provision of our products and services;
- to conduct administrative matters associated with transactions with customers properly;
- to inform you about our policies and terms;
- to maintain the proper functioning and to promote safety and security of the websites, such as by monitoring fraud and investigating suspicious or potentially illegal activity or violations of our terms or policies;
- to provide, improve, and develop our products, services, and advertising;
- to use personal information for purposes such as data analysis, research, and audits;
- to ensure business continuity;
- to ensure that content from our site is presented in the most effective manner for you;
- to notify you about changes to our service(s);
- to manage your customer account;
- to claim, prove and defend our legal interests; and
- to respond to legal obligations or demands to which we are subject.
In very specific circumstances such as the processing for the purposes below, we rely on your consent to process your personal data.to carry out marketing activities such as sending newsletters; and
- to conduct digital marketing of the DMFA website and to analyze website access.
04 What types of personal data do we use?
We process the following categories of personal data for the respective categories of data subjects.
|
Categories of data subjects |
Sources |
Categories of personal data |
|---|---|---|
|
|
|
05 Who do we share your personal data with?
We may share your personal data with SoftBank Corp.’s affiliates and with third parties in accordance with the GDPR/UK GDPR. Where we share your data with a data processor, we will put the appropriate legal framework in place in order to cover such transfer and processing. Furthermore, where we share your data with any entity outside the EEA/UK, we will put the appropriate legal framework in place, notably controller-to-controller and controller-to-processor Standard Contractual Clauses approved by the European Commission for the EEA as well as the UK International Data Transfer Agreement and UK International Data Transfer Addendum to the European Commission’s Standard Contractual Clauses for international data transfers, in order to cover such transfers.
Strategic Partners
Subject to your prior consent, your personal data may be transferred to, stored, and further processed by strategic partners that work with us to provide our products and services or help us market to customers.
Service Providers
We share your personal data with companies which provide services on our behalf, such as hosting, maintenance, support services, email services, marketing, auditing, fulfilling your orders, processing payments, data analytics, providing customer service, and conducting customer research and satisfaction surveys. These companies include Lead Forensics Platform, Hubspot CRM, MailChimp, OrangeScape (United States and other jurisdictions), Box (United States and other jurisdictions), and Google (United States and other jurisdictions).
SoftBank Corp. Affiliates and Corporate Business Transactions
We may share your personal data with SoftBank Corp. affiliates. In the event of a merger, reorganization, acquisition, joint venture, assignment, spin-off, transfer, or sale or disposition of all or any portion of our business, including in connection with any bankruptcy or similar proceedings, we may transfer any and all personal data to the relevant third party.
Legal Compliance and Security
It may be necessary for us – by law, legal process, litigation, and/or requests from public and governmental authorities within or outside your country of residence – to disclose your personal data. We may also disclose your personal data if we determine that, due to purposes of national security, law enforcement, or other issues of public importance, the disclosure is necessary or appropriate.
We may also disclose your personal data if we determine in good faith that disclosure is reasonably necessary to protect our rights and pursue available remedies, enforce our terms and conditions, investigate fraud, or protect our operations or users.
Data Transfers
Such disclosures may involve transferring your personal data out of the United States to the following countries: Japan, the EEA and the UK. Such transfer may take place for internal reporting, management and business purposes. For each of these transfers, we are based on the European Commission’s adequacy decisions on Japan and the UK respectively. For the transfer to the EEA, the data transfer restriction under the GDPR is not triggered because that transfer is not concerning one outside the EEA.
06 Our records of data processes
We handle records of all processing of personal data in accordance with the obligations established by the GDPR/UK GDPR, both where we might act as a controller or as a processor. In these records, we reflect all the information necessary in order to comply with the law and cooperate with the supervisory authorities as required.
07 Security measures
We process your personal data in a manner that ensures their appropriate security, including protection against unauthorized or unlawful processing, accidental loss, destruction or damage. We use appropriate technical or organizational measures to achieve this level of protection.
We retain your personal data for as long as it is necessary to fulfill the purposes outlined in this EEA/UK Privacy Policy unless a longer retention period is required or permitted by law.
08 Notification of data breaches to the competent supervisory authorities
In case of breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored or otherwise processed, we have the mechanisms and policies in place in order to identify it and assess it promptly. Depending on the outcome of our assessment, we will make the requisite notifications to the supervisory authorities and communications to the affected data subjects, which might include you.
09 Processing likely to result in high risk to your rights and freedom
We have mechanisms and policies in place in order to identify data processing activities that may result in a high risk to your rights and freedom. If any such data processing activity is identified, we will assess it internally and either stop it or ensure that the processing is compliant with the GDPR/UK GDPR or that appropriate technical and organizational safeguards are in place in order to proceed with it.
In case of doubt, we will contact the competent data protection supervisory authorities in order to obtain their advice and recommendations.
10 Your rights
Provided that certain conditions are met, you have the following rights regarding personal data collected and processed by us.
- Access to personal data: You have the right to obtain from us confirmation as to whether or not personal data concerning you are being processed, and, where that is the case, access to the personal data and certain related information.
- Rectification or erasure of personal data: You have the right to obtain from us the rectification of inaccurate personal data concerning you without undue delay, and to complete any incomplete personal data. You may also have the right to obtain from us the erasure of personal data concerning you without undue delay when certain legal conditions apply.
- Restriction on processing of personal data: You may have the right to obtain from us the restriction of processing of personal data when certain legal conditions apply.
- Object to processing of personal data: You may have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you, when certain legal conditions apply.
- Data portability of personal data: You may have the right to receive your personal data in a structured, commonly used and machine-readable format, and have the right to transmit those data to another controller without our hindrance when certain conditions apply.
- Not to be subject to automated decision-making: You may have the right not to be subject to automated decision-making (including profiling) based on the processing of your personal data, insofar as this produces legal or similar effects on you when certain conditions apply.
- Withdraw consent: In the limited circumstances where you may have provided your consent to the collection, processing and transfer of your personal information for a specific purpose, you have the right to withdraw your consent for that specific processing at any time. To withdraw your consent, please contact us. Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose or purposes you originally agreed to, unless we have another legitimate basis for doing so in law.
If you intend to exercise such rights, please refer to the contact section below.
If you are not satisfied with the way in which we have proceeded with any request, or if you have any complaint regarding the way in which we process your personal data, you may lodge a complaint with data protection supervisory authorities such as the UK Information Commissioner’s Office and the Northline-Westphalia State Data Protection Supervisory Authority.
11 Children
Our products and services are intended for adult customers. Thus, we do not knowingly collect and process information on children under sixteen (16). If we discover that we have collected and processed the personal data of a child under sixteen (16), or the equivalent minimum age depending on the concerned jurisdiction, we will take steps to delete the information as soon as possible. If you become aware that a child under sixteen (16) has provided us with personal data, please contact us immediately by using the contact address specified under this EEA/UK Privacy Policy.
12 Links to other sites
We may propose hypertext links from the Website to third-party websites or Internet sources. We do not control and cannot be held liable for third parties’ privacy practices and content. Please read carefully their privacy policies to find out how they collect and process your personal data.
13 Updates to privacy policy
Contact
For any questions or requests relating to this Privacy Policy, you can contact us by email sbtmgrp-gdpruk@g.softbank.co.jp.