We at Samsung SDS Asia Pacific Pte. Ltd. (“Samsung SDSAP”) take our responsibilities under the Personal Data Protection Act 2012 Singapore (the “PDPA”) seriously. We also recognise the importance of the personal data you have entrusted to us and believe that it is our responsibility to properly manage, protect and process your personal data.
This Data Protection Policy is designed to assist you in understanding how we collect, use and/or disclose the personal data you have provided to us, as well as to assist you in making an informed decision before providing us with any of your personal data.
If you, at any time, have any queries on this policy or any other queries in relation to how we may manage, protect and/or process your personal data, please do not hesitate to contact our Data Protection Officer (the “DPO”) at: dpo.sdsap@samsung.com
1.1 “Personal data” is defined under the PDPA to mean data, whether true or not, about an individual who can be identified from that data, or from that data and other information to which an organisation has or is likely to have access. Common examples of personal data could include names, identification numbers, contact information, financial records, credit card information, photographs and video images.
1.2 We will collect your personal data in accordance with the PDPA. In general, before we collect any personal data from you, we will notify you of the purposes for which your personal data may be collected, used and/or disclosed, as well as obtain your consent for the collection, use and/or disclosure of your personal data for the intended purposes.
1.3 Your personal data may also be collected, used or disclosed if we have assessed that to do so would be in our legitimate interests and beneficial to the public. Before doing so, we will take steps to ensure that any adverse effects that might arise for you have already been identified and eliminated, reduced or mitigated.
2.1 The personal data which we collect from you may be collected, used and/or disclosed for the following purposes:
(a) processing and/or administering any product-related inquiries, consultations, negotiations, orders, deliveries, or providing customer support in relation to the purchase of our products and services;
(b) processing and/or administering requests for access and/or correction of your personal data;
(c) administering and/or managing the use of facilities such as the facilities within Samsung SDSAP’s premises, including but not limited to keeping records of visits to our premises and CCTV recordings;
(d) processing your registration and/or participation for seminars, exhibitions, and other events organised or co-organised by Samsung SDSAP;
(e) carrying out your instructions or responding to any enquiry given by (or purported to be given by) you or on your behalf;
(f) conducting customer due diligence or other screening and personal identification in accordance with laws, regulations or our risk management procedures that may be required by law or that may have been put in place by us;
(g) to prevent or investigate any fraud, unlawful activity or omission or misconduct, whether or not there is any suspicion of the aforementioned;
(h) complying with or as required by any applicable law, governmental or regulatory requirements of any relevant jurisdiction, including meeting the requirements to make disclosure under the requirements of any law binding on us and/or for the purposes of any guidelines issued by regulatory or other authorities, whether in Singapore or elsewhere, with which we are expected to comply;
(i) complying with or as required by any request or direction of any governmental authority, or responding to requests for information from public agencies, ministries, statutory boards or other similar authorities. For the avoidance of doubt, this means that we may/will disclose your personal data to the aforementioned parties upon their request or direction;
(j) storing, hosting, backing up (whether for disaster recovery or otherwise) of your personal data, whether within or outside Singapore;
(k) administering security matters and/or arrangements;
(l) conducting research, analysis and development activities (including but not limited to data analytics, surveys) to improve our products and services in order to enhance your relationship with us or for your benefit;
(m) processing marketing communications when you sign up to receive or otherwise consent to receive marketing communications via e-mail, mobile messages (including via text message and/or push notifications), and/or postal mailings;
2.2 In order to conduct our business operations more smoothly, we may also be disclosing the personal data you have provided to us to our third party service providers, agents and/or our affiliates or related corporations, which may be sited outside of Singapore, for one or more of the above-stated Purposes. This is because such third party service providers, agents and/or affiliates or related corporations would be processing your personal data on our behalf for one or more of the above-stated Purposes.
3.1 In connection with the service, the Company collects and processes the following types of personal information in a variety of ways.
(a) Information that you provide directly
• Name, Email address, Company name, Telephone Number.
(b) Information collected during visiting sessions
• User's Activity log
• Information based on User's IP address
3.2 We will not collect “sensitive information”, such as racial or ethnic origin opinions, political opinions, religious or philosophical beliefs, trade-union membership, genetic and biometric data processed solely to identify a human being, a person’s sex life or sexual orientation
3.3 We will not collect personal information from children under the age of 18.
3.4 We will not collect, use, or provide behavioural information for online customized advertisements.
3.5 We will not sell any personal information of users.
4.1 We will process and retain personal information for the period of possession and use of personal information as follow:
(a) Providing Answers: After processing the request, keep it for 1 year (365 days) and delete it.
(b) Marketing communications: Upon receiving customer's request to cease any and/or all marketing communications, all personal information relevant to the customer would need to be deleted immediately after processing the request. In the event that there are situations that would require the possession of the personal information after customer's request, SDSAP will only retain and use relevant information for the purpose and will delete it immediately not more than 1 year later.
5.1 We respect the confidentiality of the personal data you have provided to us.
5.2 In that regard, we will not disclose any of your personal data to any third parties without first obtaining your express consent permitting us to do so. However, please note that we may disclose your personal data to third parties without first obtaining your consent in certain situations, including, without limitation, the following:
(a) cases in which the disclosure is required based on the applicable laws and/or regulations;
(b) cases in which the purpose of such disclosure is clearly in your interests, and if consent cannot be obtained in a timely way, provided that we shall, as soon as may be practicable, notify you of the disclosure and the purposes of the disclosure;
(c) cases in which the disclosure is necessary to respond to an emergency that threatens the life, health or safety of yourself or another individual;
(d) cases in which there are reasonable grounds to believe that the health or safety of yourself or another individual will be seriously affected and consent for the disclosure of the data cannot be obtained in a timely way, provided that we shall, as soon as may be practicable, notify you of the disclosure and the purposes of the disclosure;
(e) cases in which the disclosure is necessary for any investigation or proceedings;
(f) cases in which the personal data is disclosed to any officer of a prescribed law enforcement agency, upon production of written authorisation signed by the head or director of that law enforcement agency or a person of a similar rank, certifying that the personal data is necessary for the purposes of the functions or duties of the officer; and/or
(g) cases in which the disclosure is to a public agency and such disclosure is necessary in the public interest.
5.3 The instances listed above at paragraph 3.2 are not intended to be exhaustive. For an exhaustive list of exceptions, you are encouraged to peruse the First and Second Schedules of the PDPA which is publicly available at https://sso.agc.gov.sg/.
5.4 In all other instances of disclosure of personal data to third parties with your express consent, we will endeavour to provide adequate supervision over the handling and administration of your personal data by such third parties, as well as to provide for adequate forms of protection over such personal data.
5.5 Where personal data is transferred by us to any third parties outside of Singapore, we will ensure that such transfers are compliant with the requirements under the PDPA. In this regard, we will take such necessary measures to ensure that such overseas recipients are bound by legally enforceable obligations to ensure that these overseas recipients provide a standard of protection to the personal data so transferred that is comparable to the protection under the PDPA.
6.1 This section outlines how and for what purpose that we may transfer your personal data information to a country outside of Singapore
6.2 We will transfer your personal information to third parties outside Singapore in accordance to this clause 6.2 follows: and can process personal information of users located outside of the country where users reside.
(a) Third Party Recipient: Oracle Corporation Data Center
• Legal basis for transfer: Your consent and performance of a contract
• Recipients of personal information: Oracle Corporation Data Center
• Transferred country: Australia
• Date of transfer: When you are using the service
• Transfer method: Network transmission to remote locations
• Purpose of transfer: System operation and maintenance
• Types of personal information we transfer: Name, Email address, Company name, Telephone Number, Country
• Period of retention and use of personal information: For a year after the user agrees to its collection and use or until withdrawal of consent
• How to refuse the transfer of personal information, procedures and effects of refusal: If you object to the sharing, please contact us. (dpo.sdsap@samsung.com) If you choose to opt-out, you will not be able to use the service.
7.1 We may install and manage automated tools such as "cookies" that automatically gather, store, and find information strictly necessary for Service Cookies are very small text files that the server uses to operate the Company's website are sent to the browser of customer, which are then stored in the customer's computer hard disk.
The types of cookies that we use are as follow:
a) Strictly necessary cookies – these cookies are used to maintain your session
b) Functional cookies – these help us to optimize the site, for example, to collect statistics, to save your preferences for example, "Do not show pop-ups"
c) Marketing cookies- we use these for marketing purposes for example “web-push”.
7.2 To reject cookie settings, users can select the web browser option to allow all cookies, to check cookies whenever saved, or to allow them all.
You may request to access and/or correct the personal data currently in our possession at any time by submitting your request through the following methods:
(a) E-mail : dpo.sdsap@samsung.com Attention it to the “Data Protection Officer”.
(b) Office address: 30 Pasir Panjang Road #16-31. Mapletree Business City Singapore 117440 Attention it to the “Data Protection Officer”.
9.1 You may withdraw your consent for the collection, use and/or disclosure of your personal data in our possession or under our control at any time by submitting your request to the contact details listed below at paragraph 12.
9.2 We will process your request within a reasonable time from such a request for withdrawal of consent being made, and will thereafter refrain from collecting, using and/or disclosing your personal data in the manner stated in your request.
10.1 We will take appropriate measures to keep your personal data accurate, complete and updated.
10.2 We will also use commercially reasonable efforts to take appropriate precautions and preventive measures to ensure that your personal data is adequately protected and secured. Appropriate security arrangements will be taken to prevent any unauthorised access, collection, use, disclosure, copying, modification, leakage, loss, damage and/or alteration of your personal data. However, we cannot assume responsibility for any unauthorized use of your personal data by third parties which are wholly attributable to factors beyond our control.
10.3 We will also take commercially reasonably efforts to ensure that the personal data in our possession or under our control is destroyed and/or anonymized as soon as it is reasonable to assume that (i) the purpose for which that personal data was collected is no longer being served by the retention of such personal data; and (ii) retention is no longer necessary for any other legal or business purposes.
11.1 We would like to make sure you are fully aware of all of your privacy rights. You are entitled to the following:
(a) The right to access, or have your information provided to you - You have the right to ask the Company for copies of your personal information about you in machine-readable form.
(b) The right to change or correct personal information - You have the right to request that the Company change, update or correct your personal information that you believe is inaccurate.
(c) The right to delete personal information - You have the right to request that the Company delete your personal information.
(d) The right to object to, limit or restrict processing - You have the right to ask the Company to stop using personal information about you or to limit the Company’s use of it, under certain conditions.
11.2 Personal information that is restricted or deleted at the request of the user or the user’s legal representative, will also be treated as specified in “4. RETENTION PERIOD OF PERSONAL INFORMATION”.
12.1 If you have any complaint or grievance regarding about how we are handling your personal data or about how we are complying with the PDPA, we welcome you to contact us with your complaint or grievance.
12.2 Please contact us through one of the following methods with your complaint or grievance:
(a) E-mail: dpo.sdsap@samsung.com Attention it to the “Data Protection Officer”.
(b) Office address: 30 Pasir Panjang Road #16-31. Mapletree Business City Singapore 117440. Attention it to the “Data Protection Officer”.
12.3 Where it is an email or a letter through which you are submitting a complaint, your indication at the subject header that it is a PDPA complaint would assist us in attending to your complaint speedily by passing it on to the relevant staff in Samsung SDS to handle. For example, you could insert the subject header as “PDPA Complaint”.
12.4 We will certainly strive to deal with any complaint or grievance that you may have speedily and fairly.
13.1 As part of our efforts to ensure that we properly manage, protect and process your personal data, we will be reviewing our policies, procedures and processes from time to time.
13.2 We reserve the right to amend the terms of this Data Protection Policy at our absolute discretion. Any amended Data Protection Policy will be posted on our website and can be viewed at www.samsungsds.com/ap/index.html.
13.3 You are encouraged to visit the above website from time to time to ensure that you are well informed of our latest policies in relation to personal data protection.
Last Updated on May 20, 2025
Privacy Policy Version: V.1.0
Privacy Policy Effective Date: May 20, 2025