TITLE

Notice of Changes to Privacy Policy

DEC.26.2016

DATE
DEC.26.2016

Samsung SDS has enacted a Privacy Policy in accordance with the reorganization of its website. The Privacy Policy revision has been effective since December 31, 2016. Please check the privacy policy details carefully so that you do not experience any inconvenience to using the website. I would like to ask for your continued support and interest in Samsung SDS.

* New Privacy Policy Date : December 31, 2016 (Sat)

Samsung SDS Co., Ltd. (“Company”) is committed to protect our users’ personal information and also to comply with the relevant privacy laws. This privacy policy describes exactly how and why the Company collects and uses personal information from its users. Additional measures are then taken to protect their personal information. Through notices on individual notices, the Company will inform users if there are any changes to its privacy policy.

The Company’s privacy policy specifies the following:

  1. 1. Processing Personal Information
  2. 2. Purpose of Processing Personal Information
  3. 3. Sharing Personal Information with Third Parties
  4. 4. Retention of Collected Information
  5. 5. Outsourcing
  6. 6. International transfer of personal information
  7. 7. Procedure and Methods for the Disposal of Personal Information
  8. 8. Cookies: Installation, Operation and Refusal
  9. 9. Security Measures
  10. 10. User’s Rights and Rights of User’s Legal Representative
  11. 11. Data Protection Officer
  12. 12. Notification

By using this website/service, users consent to the collection and use of the information as described here. If the Company decides to make changes to this privacy policy, the Company will post the changes on this site so that users will always know what information the Company collects, and how the Company uses it.
From time to time, as may be required by applicable law, the Company may also seek users’ explicit consent to process certain data and information collected on this website or volunteered by users.

There may be discrepancy in languages as this policy has been translated from Korean. Should there be any concerns regarding correct interpretation of this privacy policy, please contact the Company at contact.sds@samsung.com for further information.

1. Processing Personal Information

a. Information Processed

To serve users better and understand users’ needs and interests, the Company processes the content and other information users provide during visiting sessions, including when users sign up for additional information, register an enquiry. This can include information in or about the content users provide, such as the date user enquiry has been registered. Company also processes information about how users use the Company’s Website, such as the types of content users view or engage with or the frequency and duration of user’s activities.

a) Information users provide during visiting sessions
- Required information: Email address, name
- Optional Information: Company name, Contact Number, User’s company (department or store), user’s position at user’s company, contact number
b) Information collected during visiting sessions
- User’s Activity log
- Information based on User’s IP address
* For more information, please see [8. Cookies: Installation, Operation and Refusal]
c) Refusal to consent : users have the right to refuse to collection of information. However, if the user refuse to consent, the Company will be unable to respond to the enquiry registered.

b. Method of Collection

The Company collects personal information through the following means:
I) When users sign up for additional information, request for access to Gated Contents, register for seminar events
II) During visiting sessions, when users use the Company’s Website

2. Purpose of Processing Personal Information

The information the Company collects to understand user’s needs and interests helps Company deliver a consistent and personalized experience. The Company shall use such information only as described in this Privacy Policy and/or in the way the Company specifies at the time of collection. The Company will not subsequently change the way a user’s personal data is used without the user’s consent, as required by applicable law. Unless otherwise stated at the time of collection, the Company will use the user’s personal data only in the following ways:

- To respond to and manage customer inquiries concerning services/products
- To provide feedback on and manage company-related inquiries concerning investment, career opportunities, website management, and reports on wrongful practices, and security reports

3. Sharing Personal Information with Third Parties

In principle, the Company does not disclose any of the personal information collected; however, the following are exceptions:
- If the user has given consent to disclose information in advance; or
- The Company may also use or disclose Marketing Information as we believe to be necessary or appropriate: (a) under applicable law, including laws outside your country of residence; (b) to comply with legal process; (c) to respond to requests from public and government authorities, including public and government authorities outside your country of residence, for national security and/or law enforcement purposes; (d) to enforce our terms and conditions; (e) to protect our operations or those of any of our affiliates; (f) to protect our rights, privacy, safety or property, and/or that of our affiliates, you or others; and (g) to allow us to pursue available remedies or limit the damages that we may sustain.
Additionally, in the event of a reorganization, merger, sale, joint venture, assignment, transfer or other disposition of all or any portion of our business, assets or stock (including in connection with any bankruptcy or similar proceedings), the Company may transfer Marketing Information to the relevant third party.

4. Retention of Collected Information

The Company shall immediately destroy users’ personal information when it is no longer needed for the purpose which it was collected and used. However, the Company may retain the information below for a certain period of time for the following reasons:

(1) Retention of information in accordance with the Company's policies:
- Retained items: email address, name, user’s company (department or store), user’s position at user’s company
- Reason for retention: To manage users’ activity history
- Retention period: 1 year from the user’s last access to the website
(2) Retention of information as required under applicable laws and regulations
If the retention of any personal information is required under applicable laws and regulations, the Company will retain the information for a period in accordance with these laws and regulations.

5. Outsourcing

The Company delegates some of the tasks required for providing services to an outside service provider :
- Outsourcing company: Oracle
- Outsourced work: Marketing Activity
- Information provided: Information described in 1.a) and b)
- Retention: Destroyed upon visitor’s discard request

6. International transfer of personal information

The Company may transfer users’ personal information to South Korea and Australia in order to better facilitate the Service. By using this website or providing any personal information to the Company, users consent to the transfer, processing, and storage of such information outside of user’s country of residence where data protection standards may be different.

7. Procedure and Methods for the Destruction of Personal Information

In accordance with the Company’s retention policy expressed in article 4 of this privacy policy, the Company destroys the information by implementing below procedure and destruction method:

a. Destruction Procedure
The information customers provided will be stored for a certain period of time and then destroyed of as soon as the purposes of collecting the information are fulfilled under the Company’s policy (see Retention Period of Personal Information).
The said information will not be used for purposes other than retention unless required by law.
b. Destruction Method
The personal information printed in paper will be shredded or burned.
The personal information stored in electronic files will be deleted using the technical methods that prevent retrieval of such data.

8. Cookies: Installation, Operation and Refusal

Company may install and manage automated tools such as "cookies" that automatically gather, store, and find information strictly necessary for Service Cookies are very small text files that the server uses to operate the Company's website are sent to the browser of customer, which are then stored in the customer’s computer hard disk.

a. The Company uses cookies for the following purposes.
(I) Remember Customer Log-in ID and customers’ preference to “do not show pop-ups".
(II) The Customer has a right to block or allow cookies. The customer can manage settings in the web browser to allow all cookies, allow cookies after confirmation, or block all cookies.
b. How to "Block Cookies"
Setting Method (for Internet Explorer) : Go to Tools  Internet Options  Privacy.
However, customers may experience difficulties using certain services after blocking the cookies.

To reject cookie settings, users can select the web browser option to allow all cookies, to check cookies whenever saved, or to reject them all.
Setting Method (for internet explorer)
Go to Tools > Internet Option > Personal Information on the top of the web browser
However, when the Customer rejects cookie installation, there may be difficulties in service provision.
c. Below are list of cookies employed, and they are only active for visiting sessions
Below are list of cookies employed, and they are only active for visiting sessions
Classification Name Purpose
Auto ID save upon visit Customer Guid Identify the visitor without Log-in
Activity reponse Total conversation To serve better interactions, this cookie tracks web behaviors of email subscribers and web form submitters
Total Pages
Total Time
Total visits
Most recent search query
Most recent search engine
Most recent referrer
Most recent marketing campaign
Most recent form submitted
Last visit date and time
Last page in visit
First visit date and time
First page in visit
IP address based information City To serve better interactions, this cookie assumes regions and companies of email subscribers and web form submitters
Company
Company DNS name
Country(from DNS)
Country (from IP)
Latiude
Longitude
State/Province
Timezone
Timezone offset from GMT
Zip code

9. Security Measures

The Company takes the following technical, administrative, and physical measures needed to ensure security:

Establishment and Execution of Internal Management Plan
The Company establishes an internal management plan and executes it to protect personal information.
Reducing and Training Personal for the Handling of Information
The Company appoints and reduces the number of employees who handle personal information, and implements measures to manage personal information more efficiently.
Restrictions on Access to Personal Information
The Company takes the necessary steps to monitor access to personal information. This is done by granting, changing, and removing the access to database system where personal information is handled. The Company also deploys and uses an intrusion prevention system to control unauthorized access.
Keeping Access Records and Preventing Tampering
The Company retains records of access to the personal information handling system (e.g. web log and summary data) for at least 6 months and uses security features to prevent tampering, theft and any loss of access records.
Technical Measures against Hackers
To prevent the loss, destruction of, or damage to personal data caused by hackers or computer viruses, the Company has installed security software that has regular updates and monitoring. In addition, the Company has also installed a system in off-limits areas for technical/physical monitoring and blocking. Furthermore, the Company also provides network traffic monitoring and the detection of any attempts to, for example, make illegal changes to information.
Unauthorized Access Monitoring
To prevent the loss, destruction of or damage to personal data caused by hacking or computer viruses, the Company has installed security software and implements regular updates and monitoring. In addition, the Company has also installed a system in off-limits areas for technical/physical monitoring and blocking. Furthermore, the Company also provides network traffic monitoring and the detection of any attempts to, for example, make illegal changes to information.

10. User’s Rights and Rights of User’s Legal Representative

Users and their legal representatives can access or edit their personal information provided to the Company at any time. Once a request to access, edit or delete personal information is made to the Privacy Officer by phone or by e-mail, the officer will immediately confirm the requester’s identity and take appropriate action.

If the user requests for correction of an error in his/her personal information, the information will not be used or provided until the correction has been completed. In addition, if false personal information has already been provided to a third party, the Company will immediately notify the third party, so that corrections can be made immediately. Personal information that is cancelled or deleted, from the request of the user or their legal representative, will be handled in accordance with the Company policy described in “Retention of Personal Information”. This information will not be accessed or used for any other purpose.

11. Data Protection Officer

The Company appoints the following department and officers to protect personal information and handles complaints relating to personal information.

Chief Information Security Officer
- Name : Vice President Jayseok Lee
- Telephone : 82-2-6155-0119
- E-mail : infosec@samsung.com
Chief Privacy Officer
- Name : Group Leader Yoon Gi-Wone
- Telephone : 82-2-6155-6203
- E-mail : gw_yoon@samsung.com
Data Protection Officer
- Name : Principal Specialist Eunjung Lee
- Telephone : 82-2-6155-0590
- E-mail : eunjunglee@samsung.com
Users can file complaints related to privacy and security issues that may arise from their use of the Company’s services to the Chief Data Protection Officer. The Company will promptly provide satisfactory answers to users’ complaints.

12. Notification

The Company shall notify users promptly when additions, deletions or changes are made to this Privacy Policy via notice board. In the event of a security breach caused by hacking or computer virus, the Company shall immediately notify all users affected.




Privacy Policy Version: V.3.0
Privacy Policy Effective Date: January December 31, 2016
Latest Update to Privacy Policy: December 31, 2016