Samsung SDS Privacy Policy

Samsung SDS Co., Ltd. (“Company”) is committed to protect our users’ personal information and also to comply with the relevant privacy laws. This privacy policy describes exactly how and why the Company collects and uses personal information from its users. Additional measures are then taken to protect their personal information. Through notices on individual notices, the Company will inform users if there are any changes to its privacy policy.

The Company’s privacy policy specifies the following:

  1. 1. Processing Personal Information
  2. 2. Purpose of Processing Personal Information
  3. 3. Sharing Personal Information with Third Parties
  4. 4. Retention of Collected Information
  5. 5. Outsourcing
  6. 6. International transfer of personal information
  7. 7. Procedure and Methods for the Disposal of Personal Information
  8. 8. Cookies: Installation, Operation and Refusal
  9. 9. Security Measures
  10. 10. User’s Rights and Rights of User’s Legal Representative
  11. 11. Data Protection Officer
  12. 12. Notification

By using this website/service, users consent to the collection and use of the information as described here. If the Company decides to make changes to this privacy policy, the Company will post the changes on this site so that users will always know what information the Company collects, and how the Company uses it.
From time to time, as may be required by applicable law, the Company may also seek users’ explicit consent to process certain data and information collected on this website or volunteered by users.

There may be discrepancy in languages as this policy has been translated from Korean. Should there be any concerns regarding correct interpretation of this privacy policy, please contact the Company at contact.sds@samsung.com for further information.

This policy takes effect on April 26, 2023.

1. Processing Personal Information


(1) Collected Information

The Company processes the following personal information in order to respond to and manage inquiries on the Company, its services/products, investment, career opportunities, website, resource materials download, events and registration services, create account and free trial application, newsletter subscription, reports on wrongful practices, security reports, reports on wrongful practices & violation of compliance and EBC visitations. Samsung SDS does not collect personal information from users under 14 years of age.

Inquiries
- Required information: Name, Title, Email address, Contact Number, Company, Industry, Company Size
※ We use cookies to improve your experience. Find more details on the collected cookie information in the Privacy Policy(Article 8).

- Right to refuse consent and resulting disadvantages
Users have the right to refuse to collection of required information. Users have the right to refuse to collection of optional information. There may be restrictions in responding to inquiries if user refuse to consent.
Resource Materials (White Paper, Brief, Video, etc.) Download
- Required information: Name, Email address, Contact Number
- Optional Information: Company name, User’s Department, User’s Job Title at user’s company
※ We use cookies to improve your experience. Find more details on the collected cookie information in the Privacy Policy(Article 8).

- Right to refuse consent and resulting disadvantages
Users have the right to refuse to collection of required information. Users have the right to refuse to collection of optional information. There may be restrictions in downloading resource materials if user refuse to consent.
Inquiries on Events
- Required information: First name, Last name, Email address, Contact Number
- Optional Information: Company name, User’s Department, User’s Job Title and Work at user’s company, Country, Company address
※ We use cookies to improve your experience. Find more details on the collected cookie information in the Privacy Policy(Article 8).

- Right to refuse consent and resulting disadvantages
Users have the right to refuse to collection of required information. Users have the right to refuse to collection of optional information. There may be restrictions in responding to inquiries if user refuse to consent.
Event Registration
- Required information: First name, Last name, Contact Number
- Optional Information: Company name, User’s Department, User’s Job Title and Work at user’s company, Country, Company address
※ We use cookies to improve your experience. Find more details on the collected cookie information in the Privacy Policy(Article 8).

- Right to refuse consent and resulting disadvantages
Users have the right to refuse to collection of required information. Users have the right to refuse to collection of optional information. There may be restrictions in responding to inquiries if user refuse to consent.
Create account and Free Trial Application
- Required information : Name, Email address, password, telephone number, company name
- Optional Information : Department, Position, Survey for free trial(Whether to use other platforms, reason for applying, purchase plan , interesting items, type of service, type of partner)
※ We use cookies to improve your experience. Find more details on the collected cookie information in the Privacy Policy(Article 8).

- Right to refuse consent and resulting disadvantages
Users have the right to refuse to collection of required information. Users have the right to refuse to collection of optional information. There may be restrictions in responding to inquiries if user refuse to consent.
Newsletter Subscription
- Required information: Email address
- Optional Information: First name, Last name
※ We use cookies to improve your experience. Find more details on the collected cookie information in the Privacy Policy(Article 8).

- Right to refuse consent and resulting disadvantages
Users have the right to refuse to collection of required information. Users have the right to refuse to collection of optional information. There may be restrictions in responding to inquiries if user refuse to consent.
Reporting Wrongful Practices
- Required information: Name
- Optional Information: Email address, Contact number
- Right to refuse consent and resulting disadvantages
Users have the right to refuse to collection of information, and such refusal shall not restrict reporting of wrongful practice. (Anonymous reporting allowed)
However, there may be restrictions in responding to reports if user refuse to consent.
Security Report Center/Reporting Wrongful Practices & Violation of Compliance (Reports)
- Required information: none
- Optional Information: Name, Contact number, Email address
- Right to refuse consent and resulting disadvantages
Users have the right to refuse to collection of information, and such refusal shall not restrict security related reporting. (Anonymous reporting allowed)
However, there may be restrictions in responding to reports if user refuse to consent.
Inquiries on Visiting EBC
- Required information: First name, Last name, Email address, Contact number
- Optional Information: Company name, User’s Job Title at user’s company
※ We use cookies to improve your experience. Find more details on the collected cookie information in the Privacy Policy(Article 8).

- Right to refuse consent and resulting disadvantages
Users have the right to refuse to collection of required information. Users have the right to refuse to collection of optional information. There may be restrictions in inquiries service if user refuse to consent.
The following cookie information may automatically be created and collected in the use of website services:
- User's activity log
- Information based on user's IP address
※ Find more details in the Privacy Policy(Article 8. Cookies: Installation, Operation and Refusal)

(2) Method of Collection

The Company collects personal information through the following means:
- When users make inquiries, download resource materials(videos, briefs, White Papers, etc.), make inquiries on and register for events, create account and apply for free trial
- During visiting sessions, when users use the Company’s Website
- When users report wrongful practices, use security reporting center services
- When users make inquiries on EBC visits

2. Purpose of Processing Personal Information

The Company shall use the collected personal information for the following purposes:

- To respond to and manage customer inquiries concerning services/products.
- To provide resource materials
- To provide feedback on and manage company-related inquiries concerning partner program, events registration and meetings
- To prepare, host, review and manage events matching customers’ needs and to check identification for event participation
- To provide feedbacks on application for free trials and to inform on the status of free trial accounts
- To process and reply reports on wrongful practices, security reporting center
- To provide and manage newsletter subscription feedbacks, and inquiries on EBC visits
- To send marketing materials such as news on latest releases of Samsung SDS solutions, events, and newsletters via email, and gifts

3. Transfer of Personal Information to Third Parties

- If the user has given consent to disclose information in advance; or
- The Company may also use or disclose Marketing Information as we believe to be necessary or appropriate: (a) under applicable law, including laws outside your country of residence; (b) to comply with legal process; (c) to respond to requests from public and government authorities, including public and government authorities outside your country of residence, for national security and/or law enforcement purposes; (d) to enforce our terms and conditions; (e) to protect our operations or those of any of our affiliates; (f) to protect our rights, privacy, safety or property, and/or that of our affiliates, you or others; and (g) to allow us to pursue available remedies or limit the damages that we may sustain.
Additionally, in the event of a reorganization, merger, sale, joint venture, assignment, transfer or other disposition of all or any portion of our business, assets or stock (including in connection with any bankruptcy or similar proceedings), the Company may transfer Marketing Information to the relevant third party.
- When coordination and communication among members of Samsung SDS offices at home and abroad using internet relevant services provided by the Company’s website(www.samsungsds.com) is needed
※ See Samsung SDS Korea and Global Offices. (https://www.samsungsds.com/en/company/global_offices/about_global_offices.html)

4. Retention of Collected Information

The Company shall immediately destroy users’ personal information when it is no longer needed for the purpose which it was collected and used. However, the Company may retain the information below for a certain period of time for the following reasons:

(1) Retention of information in accordance with the Company's policies:
- Retained items: collected information under Article 1(1)
- Reason for retention: To manage users’ activity history
- Retention period: 2 years
(2) Retention of information as required under applicable laws and regulations
If the retention of any personal information is required under applicable laws and regulations, the Company will retain the information for a period in accordance with these laws and regulations.

5. Outsourcing

The Company delegates some of the tasks required for providing services to an outside service provider, ensuring necessary measures to safely manage personal information in accordance with relevant laws. The following are the outsourcing company and the outsourced work: However, reports on wrongful practices and security reporting center (reports) specified in Article
1.1 is excluded from outsourced work.

- Outsourcing company: Oracle Corporation
- Outsourced work: Processing personal information for the purposes of providing resource materials downloading and viewing services, responding to general inquiries on the Company, managing partner program applications, preparing, hosting, reviewing and managing events matching customers’ needs and to check identification for event participation
※ The information above includes not only initially collected information but also edited information.
- Retention: 2 years from user’s consent to collection and use of personal information

- Outsourcing company: Diamond Ogilvy Group
- Outsourced work: Refining Eloqua marketing solution DB and sending out eDM
- Retention: For contracted term (Until December 31, 2023); provided that the contracted term may be extended.

- Outsourcing company : Dmining
- Outsourced work : Managing entrances through events and delivering gifts
- Retention : 3 months from user’s consent to collection of information for events

Also, outsourcing is possible in following cases:
- when users have previously consented;
- when investigating authorities request in accordance with legislative regulations, under procedures and methods set by law for investigating purposes.

6. International transfer of personal information

The Company transfers user’s personal information to third party overseas as detailed below and may process the information at a server outside user’s country of residence.

(1) Receiving business and contact information
- Name : Oracle Corporation Data Center (Australia)
- Contact info. : https://www.oracle.com/legal/privacy/services-privacy-policy.html
Oracle Corporation
Global Data Protection Officer
Willis Tower
233 South Wacker Drive
45th Floor
Chicago, IL 60606
U.S.A.
(2) Destination Country, Date and Method of Transfer
- Destination country: Australia
※ Location of overseas base : Oracle Corporation Data Center (Australia)
- Date and method of transfer: Transfer through network at the time of using internet related service provided via Samsung SDS website
(3) Transferred Personal Information: Among the items of collected personal information of Article 1.(1), reports of wrongful practices and security report center(reports) are excluded.
※ The information above includes not only initially collected information but also edited information.
(4) Purpose of Using Transferred Personal Information
The Company transfers personal information to the outside service provider so that it can conduct the tasks required to provide the following services, and oversees them to ensure that the service provider complies with the relevant privacy laws:

- To respond to and manage inquiries concerning the company, services/products, investment, career opportunities, website management.
- To provide events and other services, and to carry out email marketing activities
- To respond to event-related inquiries, confirm users’ identity for their participation in events, and prepare, conduct, review, and manage events based on customer requirements.
(5) Purpose of using personal information and retention period of the receiver
- Users’ personal information shall retained for 2 years following consent to collection and use of personal information and be immediately destroyed after 2 years. However, if the retention of any personal information is required under applicable laws and regulations, such information shall be retained for a period in accordance with these laws and regulations.
(6) Right to refuse consent and resulting disadvantages
- Users have the right to refuse to collection of information. There may be restrictions in services if user refuse to consent.

7. Procedure and Methods for the Destruction of Personal Information

The Company destroys the information of which the purpose of collection and use is met or retention period has ended with out delay, implementing procedure and destruction method below.

a. Destruction Procedure
The information customers provided will be destroyed of as soon as the purposes of collecting the information are fulfilled. However, if the retention of any personal information is required under applicable laws and regulations, such information shall be retained for a period in accordance with these laws and regulations before destroying. The said information will not be used for purposes other than retention unless required by law.
b. Destruction Method
The personal information printed in paper will be shredded or burned.
The personal information stored in electronic files will be deleted using the technical methods that prevent retrieval of such data.

8. Cookies: Installation, Operation and Refusal

Company may install and manage automated tools such as "cookies" that automatically gather, store, and find information strictly necessary for Service Cookies are very small text files that the server uses to operate the Company's website are sent to the browser of customer, which are then stored in the customer’s computer hard disk.

a. The Company uses cookies for the following purposes.
(I) Remember Customer Log-in ID and customers’ preference to “do not show pop-ups".
(II) The Customer has a right to block or allow cookies. The customer can manage settings in the web browser to allow all cookies, allow cookies after confirmation, or block all cookies.
b. How to "Block Cookies"
Setting Method (for Internet Explorer) : Go to Tools  Internet Options  Privacy.
However, customers may experience difficulties using certain services after blocking the cookies.

To reject cookie settings, users can select the web browser option to allow all cookies, to check cookies whenever saved, or to reject them all.
Setting Method (for internet explorer) Go to Tools > Internet Option > Personal Information on the top of the web browser
However, when the Customer rejects cookie installation, there may be difficulties in service provision.
c. Below are list of cookies employed, and they are only active for visiting sessions
Below are list of cookies employed, and they are only active for visiting sessions
Classification Name Purpose
Auto ID save upon visit Customer Guid Identify the visitor without Log-in
Activity reponse Total conversation To serve better interactions, this cookie tracks web behaviors of email subscribers and web form submitters
Total Pages
Total Time
Total visits
Most recent search query
Most recent search engine
Most recent referrer
Most recent marketing campaign
Most recent form submitted
Last visit date and time
Last page in visit
First visit date and time
First page in visit
IP address based information City To serve better interactions, this cookie assumes regions and companies of email subscribers and web form submitters
Company
Company DNS name
Country(from DNS)
Country (from IP)
Latiude
Longitude
State/Province
Timezone
Timezone offset from GMT
Zip code

9. Security Measures

The Company takes the following technical, administrative, and physical measures needed to ensure security:

Establishment and Execution of Internal Management Plan
The Company establishes an internal management plan and executes it to protect personal information.
Reducing and Training Personal for the Handling of Information
The Company appoints and reduces the number of employees who handle personal information, and implements measures to manage personal information more efficiently.
Restrictions on Access to Personal Information
The Company takes the necessary steps to monitor access to personal information. This is done by granting, changing, and removing the access to database system where personal information is handled. The Company also deploys and uses an intrusion prevention system to control unauthorized access.
Keeping Access Records and Preventing Tampering
The Company retains records of access to the personal information handling system (e.g. web log and summary data) for at least 6 months and uses security features to prevent tampering, theft and any loss of access records.
Technical Measures against Hackers
To prevent the loss, destruction of, or damage to personal data caused by hackers or computer viruses, the Company has installed security software that has regular updates and monitoring. In addition, the Company has also installed a system in off-limits areas for technical/physical monitoring and blocking. Furthermore, the Company also provides network traffic monitoring and the detection of any attempts to, for example, make illegal changes to information.
Unauthorized Access Monitoring
To prevent the loss, destruction of or damage to personal data caused by hacking or computer viruses, the Company has installed security software and implements regular updates and monitoring. In addition, the Company has also installed a system in off-limits areas for technical/physical monitoring and blocking. Furthermore, the Company also provides network traffic monitoring and the detection of any attempts to, for example, make illegal changes to information.

10. User’s Rights and Rights of User’s Legal Representative

Users and their legal representatives can access or edit their personal information provided to the Company at any time. Once a request to access, edit or delete personal information is made to the Privacy Officer by phone or by e-mail, the officer will immediately confirm the requester’s identity and take appropriate action.

If the user requests for correction of an error in his/her personal information, the information will not be used or provided until the correction has been completed. In addition, if false personal information has already been provided to a third party, the Company will immediately notify the third party, so that corrections can be made immediately. Personal information that is cancelled or deleted, from the request of the user or their legal representative, will be handled in accordance with the Company policy described in “Retention of Personal Information”. This information will not be accessed or used for any other purpose.

11. Data Protection Officer

The Company appoints the following department and officers to protect personal information and handles complaints relating to personal information.

Chief Privacy Officer
- Name : Group Leader Shim Young-Sun
- Telephone : 82-2-6155-1118
- E-mail : privacy.sds@samsung.com
Data Protection Officer
- Name : Principal Professional Youngjin Lah
- Telephone : 82-2-6155-0703
Users can file complaints related to privacy and security issues that may arise from their use of the Company’s services to the Chief Data Protection Officer. The Company will promptly provide satisfactory answers to users’ complaints.

If you wish to report or consult on infringement of personal information, contact the following institutions.
- Personal Information Protection Commission: www.pipc.go.kr
- Personal Information Infringement Report Center: privacy.kisa.or.kr
- Personal Information Dispute Mediation Committee: www.kopico.go.kr
- Supreme Prosecutors’ Office Cybercrime Investigation Division: cybercid.spo.go.kr
- Police Cyber Bureau: www.police.go.kr/www/security/cyber.jsp

12. Notification

The Company shall notify users at least 7 days prior to any additions, deletions or changes are made to this Privacy Policy via notice board. In the event of a security breach caused by hacking or computer virus, the Company shall immediately notify all users affected.




Privacy Policy Version: V.6.1
Privacy Policy Effective Date: October 1, 2012
Latest Update to Privacy Policy:April 26, 2023

Share