AT&T Japan, Ltd., AT&T Japan K.K., and AT&T Japan LLC (hereinafter referred to as the “Companies”) will establish the following privacy policy:

（Compliance）

１． The Companies shall comply with the Law concerning the Protection of Personal Information, the provisions of the Telecommunications Business Law that relate to the privacy of communication and other related laws and regulations, the Guidelines concerning the Protection of Personal Information in the Telecommunications Businesses (hereinafter referred to as the “Guidelines”), AT&T Privacy Policy, and this Privacy Policy, when they obtain, use, and otherwise handle information (hereinafter referred to as “Personal Information”) that enables identification of customers, business partners, etc. (hereinafter referred to as “Customers”).

（Specification and Announcement of Objectives of Use）

２． The Companies shall specify to the greatest extent possible and announce in advance the objectives of use of the Personal Information on Customers they obtain. When they obtain Personal Information included in contracts and other documents directly from Customers, they shall clearly inform them in advance of the objectives for the use of such information.

（Use of Information within the Range of the Objectives of Use）

３． The Companies shall handle Personal Information on Customers within the range necessary to attain the objectives of use specified and announced in advance. However, in cases based on the provisions of laws and regulations, the Companies may handle PersonalInformation on Customers (excluding information that involves the privacy of communication) beyond the range necessary to attain the objectives of use specified and announced in advance.

（Period of Preservation）

４． The Companies shall determine the period for the preservation of Personal Information on Customers within the range necessary to attain the objectives of use, and will erase such information without delay after the period of preservation expires or the objectives of use are attained. This shall not apply, however, in cases based on the provisions of laws and regulations.

（Security Management）

５． The Companies shall strive to ensure the accuracy of Personal Information on Customers and keep it up-to-date and also take necessary and appropriate security management measures to protect such information from unauthorized access, falsification, leakage, loss, and damage.

（Supervision over Employees）

６． The Companies shall exercise necessary and appropriate supervision over their employees to ensure the security management of Personal Information on Customers. They shall also provide their employees with education and training necessary to ensure the appropriate handling of Personal Information.

（Supervision over Contractors）

７． The Companies may outsource all or part of the handling of Personal Information on Customers to third parties ,among the companies and other than these three, within the range of the objectives of use. In this case, when they choose contractors, they shall confirm that the contractors handle Personal Information appropriately and also demand that they handle Personal Information on Customers appropriately by, for example, including provisions concerning the appropriate handling of Personal Information in their outsourcing agreements. The Companies shall also exercise necessary and appropriate supervision over the contractors by, for example, including provisions of audit for the handling of such information in the agreements.

（Provision of Information to Third Parties）

８． Unless based on the provisions of laws and regulations, the Companies shall not provide third parties with Personal Information without Customers’ consent.

（Request for Disclosure and Other Procedures）

９． If Customers wish that the Companies inform them of the objectives of use for Personal Information, or disclose, correct, add new information, delete, discontinue use of Personal Information they own, or discontinue providing it to third parties, they shall make such a request to the Companies following the procedures established separately by the Companies.

（Handling of Complaints）

１０． The Companies shall respond swiftly and appropriately to complaints and other inquiries about the handling of Personal Information.

（Certified Personal Information Protection Organization）

１１．　The Companies are members of the Japan Data Communications Association, a certified Personal Information protection organization. Complaints about its handling of Personal Information may be addressed to the Association’s Telecommunications Personal Information Protection Promotion Center for resolution.

• Address and phone number of the Center
  Sugamo-Muromachi Building
  2-11-1, Sugamo, Toshima-ku, Tokyo 170-8585
  Phone：03-5907-3803
• Business hours
  10:00-17:00

（Response at Time of Information Leak）

１２． If an accident occurs, such as leakage of Personal Information on Customers, the Companies shall take necessary steps, including swiftly notifying Customers concerned of the facts regarding the accident, in accordance with the provisions of the Guidelines.

（Review of Privacy Policy）

１３． The Companies shall strive to make continuous improvements concerning the handling of Personal Information in their organizations through various measures, such as putting in place internal regulations concerning the protection of Personal Information, implementing employee education programs, and carrying out internal audits.
Complaints and other inquiries concerning the Companies’ privacy policy should be addressed to:

• Name of the contact office
  Personal Information Protection Office
• Address, phone number, and email address for the office
  Shin-Nikkoh Building, 2-10-1, Toranomon, Minato-ku, Tokyo 105-0001
  Phone：03-5545-9700
• Business hours
  09:00 to 17:00
• Email agnsmktg@jp.att.com