Samsung SDS Europe Limited (“We” or the “Company”) are committed to protecting and respecting your privacy.

This policy (together with our terms of use and any other documents referred to on it) sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us. Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it. By visiting www.samsungsds.com/eu you are accepting and consenting to the practices described in this policy.

For the purpose of the Data Protection Act 1998 (the Act), the data controller is Samsung SDS Europe Limited of First Floor, No. 5 The Heights, Brooklands, Weybridge, Surrey, KT13 0NY.

1. Processing Personal Information

a. Information Processed
To serve users better and understand users' needs and interests, the Company processes the content and other information users provide during visiting sessions, including when users sign up for additional information, register an enquiry. This can include information in or about the content users provide, such as the date user enquiry has been registered. Company also processes information about how users use the Company's Website, such as the types of content users view or engage with or the frequency and duration of user's activities.

I) Information users provide
- Email address, name, Company name, Contact Number, User's company (department or store), user's position at user's company

II) Information collected during visiting sessions
- User's Activity log
- Information based on User's IP address
* Cookies are collected only for those who have left personal information at least once. For more information, please see [5. Cookies]

III) Refusal to consent : users have the right to refuse to collection of information.
However, if the user refuse to consent, the Company will be unable to respond to the enquiry registered.

b. Method of Collection
The Company collects personal information through the following means:

I) When users sign up for additional information, request for access to Gated Contents, register for seminar events

II) During visiting sessions, when users use the Company's Website

2. Purpose of Processing Personal Information

The information the Company collects to understand user's needs and interests helps Company deliver a consistent and personalized experience. The Company shall use such information only as described in this Privacy Policy and/or in the way the Company specifies at the time of collection. The Company will not subsequently change the way a user's personal data is used without the user's consent, as required by applicable law. Unless otherwise stated at the time of collection, the Company will use the user's personal data only in the following ways:

- To respond to and manage customer inquiries concerning services/products

- To provide feedback on and manage company-related inquiries concerning investment, career opportunities, website management, and reports on wrongful practices, and security reports

3. Sharing Personal Information with Third Parties

In principle, the Company does not disclose any of the personal information collected; however, the following are exceptions:

- Any member of our group, which means our subsidiaries, our ultimate holding company and its subsidiaries, as defined in section 1159 of the UK Companies Act 2006.

- The Company may also use or disclose Marketing Information as we believe to be necessary or appropriate: (a) under applicable law, including laws outside your country of residence; (b) to comply with legal process; (c) to respond to requests from public and government authorities, including public and government authorities outside your country of residence, for national security and/or law enforcement purposes; (d) to enforce our terms and conditions; (e) to protect our operations or those of any of our affiliates; (f) to protect our rights, privacy, safety or property, and/or that of our affiliates, you or others; and (g) to allow us to pursue available remedies or limit the damages that we may sustain.

Additionally, in the event of a reorganization, merger, sale, joint venture, assignment, transfer or other disposition of all or any portion of our business, assets or stock (including in connection with any bankruptcy or similar proceedings), the Company may transfer Marketing Information to the relevant third party.

4. Outsourcing

The Company delegates some of the tasks required for providing services to an outside service provider :

- Outsourcing company: Oracle

- Outsourced work: Marketing Activity

- Information provided: Information described in 1.a) and b)

- Retention: The Company shall retain the user's personal information for a year after the user agrees to its collection and use. The Company shall immediately destroy the information when the retention period expires. However, if the retention of any personal information is required under applicable laws and regulations, the Company shall retain the information for a period in accordance with these laws and regulations.

5. COOKIES

Company may install and manage automated tools such as "cookies" that automatically gather, store, and find information strictly necessary for Service Cookies are very small text files that the server uses to operate the Company's website are sent to the browser of customer, which are then stored in the customer's computer hard disk.

There are a number of different types of cookies, however, the Company's website uses

- Strictly necessary Cookie - the Company uses these cookies to maintain your session.

- Functional Cookie - help us to optimize the site, for example, to collect statistics, to save your preferences for example, "Do not show pop-ups"

- Marketing Cookie - the Company uses these cookies for marketing purpose, for example "web-push"

You can also set your browser not to accept cookies, and the above website tells you how to remove cookies from your browser except the strictly necessary cookie. However, in a few cases, part of the Company's website features cannot function as a result.

6. International transfer of personal information

The data that we collect from you will be transferred to, and stored at, a destination outside the European Economic Area (“EEA”). It will also be processed by staff operating outside the EEA who work for us or for one of our suppliers. By submitting your personal data, you agree to this transfer, storing or processing. We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this privacy policy.

Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our site; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.

a. Information transferred

- Required information: Name, email address, contact number
name, email address, contact number
- Optional information: Company name, user's department name, user's position at user's company, country name, company address, user's sales area
* The company uses cookies to better serve users.
* The required and optional information above includes not only the original information collected from users but also changes made to it.

b. Countries to which personal information is transferred, when and how to transfer the information

- Country to which personal information is transferred: Australia
- When and how to transfer the information: The information is transferred over the network when the user uses internet-based services provided on the Company's website.

c. Name of the outside service provider receiving personal information

- Company: Oracle Corporation Data Center (Australia)
- Contact
https://www.oracle.com/legal/privacy/services-privacy-policy.html
Chief Privacy Officer, Oracle Corporation
10 Van de Graaff Drive
Burlington, MA 01803
USA

d. The service provider's purpose of using personal information

The Company transfers personal information to the outside service provider so that it can conduct the tasks required to provide the following services, and oversees them to ensure that the service provider complies with the relevant privacy laws:

- To respond to and manage inquiries concerning the company, services/products, investment, career opportunities, website management.
- To provide events and other services, and to carry out email marketing activities
- To provide feedback on and manage inquiries concerning partner programs
- To respond to event-related inquiries, confirm users' identity for their participation in events, and prepare, conduct, review, and manage events based on customer requirements.

e. The outside service provider's retention period of personal information

The Company shall retain the user's personal information for a year after the user agrees to its collection and use. The Company shall immediately destroy the information when the retention period expires. However, if the retention of any personal information is required under applicable laws and regulations, the Company shall retain the information for a period in accordance with these laws and regulations.

7. Retention Period of Personal Information

The Company shall retain the user's personal information for a year after the user agrees to its collection and use. The Company shall immediately destroy the information when the retention period expires. However, if the retention of any personal information is required under applicable laws and regulations, the Company shall retain the information for a period in accordance with these laws and regulations.

8. YOUR RIGHTS

Right to access to information
The Article 15 of GDPR gives you the right to access information held about you. You may request a copy of personal information held about you by submitting this inquiry form. Your right of access can be exercised in accordance with the Article 15 of GDPR.

Right to object to processing
The Article 21 of GDPR gives you the right to ask company not to process your personal data for marketing purposes. We will usually inform you (before collecting your data) if we intend to use your data for such purposes or if we intend to disclose your information to any third party for such purposes. You may opt-out of Samsung SDS's email marketing by submitting this inquiry form or by using our general unsubscribe automated link that is included in Samsung SDS marketing emails.

Right to rectification
The Article 16 of GDPR gives you the right to ask company to amend or correct your information that you submitted. You may request for changes by submitting this inquiry form

Right to erasure('right to be forgotten')
You have the right to ask us to delete your information by submitting this inquiry form. Our processing (i.e. deletion) of his personal data is based on Article 17 of the GDPR.

Right to data portability
You have the right to ask us for data portability of your information by submitting an inquiry form. Our processing (i.e. data portability) of his personal data is based on Article 20 of the GDPR.

You can also exercise the right at any time by contacting us at First Floor, No. 5 The Heights, Brooklands, Weybridge, Surrey, KT13 0NY, England OR contact.sds@samsung.com.

Our site may, from time to time, contain links to and from the websites of our partner networks, advertisers and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.

9. Openness and Your Refusal or Withdrawal of Consent

In order to refuse or withdraw consent to Privacy Policy and Terms of Use by Clicking here and submit this form, and we will record and respect your choices.

In most cases you are free to refuse or withdraw your consent at any time. You may do so by contacting us by e-mail at contact.sds@samsung.com.

10. Security Measures

The Company takes the following technical, administrative, and physical measures needed to ensure security:

Establishment and Execution of Internal Management Plan
The Company establishes an internal management plan and executes it to protect personal information.

Reducing and Training Personal for the Handling of Information
The Company appoints and reduces the number of employees who handle personal information, and implements measures to manage personal information more efficiently.

Restrictions on Access to Personal Information
The Company takes the necessary steps to monitor access to personal information. This is done by granting, changing, and removing the access to database system where personal information is handled. The Company also deploys and uses an intrusion prevention system to control unauthorized access.

Keeping Access Records and Preventing Tampering
The Company retains records of access to the personal information handling system (e.g. web log and summary data) for at least 6 months and uses security features to prevent tampering, theft and any loss of access records.

Technical Measures against Hackers
To prevent the loss, destruction of, or damage to personal data caused by hackers or computer viruses, the Company has installed security software that has regular updates and monitoring. In addition, the Company has also installed a system in off-limits areas for technical/physical monitoring and blocking. Furthermore, the Company also provides network traffic monitoring and the detection of any attempts to, for example, make illegal changes to information.

Unauthorized Access Monitoring
To prevent the loss, destruction of or damage to personal data caused by hacking or computer viruses, the Company has installed security software and implements regular updates and monitoring. In addition, the Company has also installed a system in off-limits areas for technical/physical monitoring and blocking. Furthermore, the Company also provides network traffic monitoring and the detection of any attempts to, for example, make illegal changes to information.

11. CHANGES TO OUR PRIVACY POLICY

Any changes we make to our privacy policy in the future will be posted on this page. Please check back frequently to see any updates or changes to our privacy policy.

12. Data Protection Officer

The Company appoints the following department and officers to protect personal information and handles complaints relating to personal information.

Data Protection Officer

- Name : Doyeon Kim
- Telephone : 44-78-2585-8022

Users can file complaints related to privacy and security issues that may arise from their use of the Company's services to Data Protection Officer. The Company will promptly provide satisfactory answers to users' complaints. If you need to report any privacy infringement or need additional counseling, please contact the following:

- Privacy Infringement Report Center (www.kisa.or.kr/118 /118)
- Privacy Mark Certification Committee (www.eprivacy.or.kr/02-580-0533~4)
- EU Data Protection Officer (+32 2 299 11 11/ data-protection-officer@ec.europa.eu)
Contact details for all EU Supervisory Authorities can be found here.

13. CONTACT

Questions, comments and requests regarding this privacy policy are welcomed and should be addressed to First Floor, No. 5 The Heights, Brooklands, Weybridge, Surrey, KT13 0NY, England OR contact.sds@samsung.com.